Wouldn’t you like to stop losing sleep worrying about what your AI team, partners and suppliers are doing with your data?
Marvin Minsky is recognised as one of the founding fathers of artificial intelligence. Increasingly eccentric, anyone who spent time with him became aware that individuals are unpredictable. What makes humans predictable is behaviour in large numbers. Yes, we’re talking about big data and analytics. Data, analytics and AI go together like eggs, toast and coffee. The price you pay for this breakfast increases radically with poor security. When designing AI into your business ask yourself three questions.
1. Are your AI plans supported by an encryption strategy?
A global law firm may want to install software that predicts the type of contract and clauses it needs for a new client depending on the client’s profile or legal situation. The firm’s AI team says the software contains encryption. However, in this scenario where are the encryption keys? Do the standards comply to an auditor’s policies? Who will manage the lifecycle of the keys? It’s important to understand that encryption will affect data in other related applications and processes as well. And siloed encryption for every application will add cost and complexity across the business.
2. Is your AI strategy fit for compliance?
As I inferred above, AI systems rely on a phenomenal amount of data to make sense of situations and predict an outcome. You may be a retailer predicting the mood of a potential buyer using deep learning for sentiment analysis, or maybe you run an aircraft lease company consuming diagnostics to make critical decisions about engine component failures. In both cases, data originates, and is consumed in multiple geographies within a variety of regulatory environments. It is critical that you plan for data security that upholds your security posture in all geographies. This can only be accomplished with encryption, data masking, key management and access policies working in unison with governance recognised by individual territories. To be fit for compliance, a global security partner with an enterprise data security platform should be a part of the team executing your AI vision.
3. How will you secure AI data in the cloud?
Your data provides insight and fuels good decision making within AI systems. Your business data combined with that of your competitive peer group fuels even better AI outcomes. For this reason, analytics and AI platforms may aggregate industry data from multiple companies within cloud-based systems for independent analysis, resource efficiency and computing power. This can be the perfect recipe for CIO insomnia. Who holds your data? (cloud provider? AI platform provider?) How are they segregating it? Are they returning it to the right company every time? Are they encrypting it? If the cloud provider encrypts your data and has the ability to decrypt it, then what happens when a subpoena arrives requesting your data? The answer is to obfuscate the data in a way that still preserves its format and ability to be processed by third parties, but proves completely useless if stolen or accidentally revealed. At all times it should remain within your control and never converted to clear text without the permission of your business or approved AI applications. Data security platforms exist to perform this function.
Rather than the artificial security provided by native cloud encryption or AI platform proprietary encryption, true enterprise data security platforms provide real security for artificial intelligence so you can sleep easy.
McCarthy, J. 1990. “Generality in artificial intelligence”. In Lifschitz, V., ed., Formalizing Common Sense. Ablex. 226-236.
A. Sloman and R.L. Chrisley, Virtual machines and consciousness, in Journal of Consciousness Studies, 10, 4–5, pp.113–172, 2003
Dr. Ilesh Dattani – GEMOM: Significant and Measurable Progress beyond the State of the Art
The post Does artificial intelligence mean artificial security? appeared first on Data Security Blog | Thales eSecurity.
*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Ollie Omotosho. Read the original post at: https://blog.thalesesecurity.com/2019/02/12/does-artificial-intelligence-mean-artificial-security/