AI will help virtualised data containers manage their own security, access control

Normalising the use of artificial intelligence will improve decision-making and contextual access control, security strategist predicts

Although virtualised data 'enclaves' offer the best control over enterprise data now, CISOs will increasingly rely on artificial intelligence (AI) technologies to keep ahead of changing threat exposures as data becomes increasingly “self controlling”, one leading security strategist has predicted.

Organisations that use virtualised enclaves to contain and segregate enterprise data in mobile devices “are getting the best return on their investment,” Citrix chief security strategist Kurt Roemer told CSO Australia. “By mobilising data in an enterprise container that's treated as a set of project-based enclaves on the mobile device, your enterprise data never leaves your control. That lets you focus resources on sensitive data and not just on the security technologies and controls that are supposed to apply to everything.”

As the logical isolation of data became commonplace and enabled businesses to move key data between devices securely, growing integration of AI technologies into the control fabric of those enclaves would help security technicians not only improve the collection of security performance information, but also locally identify potential breach conditions and convey them to administrators in real time.

This approach would enable the modelling and enforcement of security controls around formal service level agreements (SLAs) that would be managed and reported on by increasingly intelligent, self-managing containers that would maintain security capabilities even when the workloads were placed into cloud environments.

AI tools will be essential in “considering the workflows that take into account the different relationships, networks, and boundary conditions that help provide the right level of risk in the organisation,” Roemer said. “When you do that, it often leads you to different conclusions than you get on the network you may have in place right now. You really have to break with the past; having security built into the SLA is a completely different way of looking at it.”

Folding security considerations into SLAs will go some way towards alleviating executive concerns that security incidents such as DDoS attacks could potentially breach such agreements: one recent survey found SLA violations were named by 55 percent of executives as a key concern when ranking potential repercussions from a security breach.

Security aspects of SLAs have also been named as a key consideration in enterprise relationships with suppliers and other third parties. Although the integration of AI and SLA-focused security practice will be increasingly important in emerging distributed enterprises, many of those companies were still struggling to make the change with legacy systems still in place; instead, Roemer said, companies usually only get to that stage after a breach or during a major business change, such as merger and acquisition activity.

Fully realising the potential of AI technologies will require a more mature perspective of the technology, he added, noting that most organisations still think of AI primarily as a tool for automating security log analysis.

“They're thinking about how they can get a lot of intelligence from the logs they're collecting,” he explained. “It's a good first step but really is a minor evolution. To fully leverage AI will require getting into a dev-test mentality and thinking about how you can use information from multiple sources. Instead of having the AI system to automate something you already have in place, you should use it to provide actionable intelligence that you wouldn't otherwise have had – or that a human wouldn't have been able to come up with.”

Those insights would become more evident as AI tools allowed security monitoring policies to extend to parts of the enterprise that might never normally be visible in the same context. For example, AI might be used not only to look for anomaly conditions and alert administrators, but also to monitor paths of communication between application components and automatically reroute that traffic if an issue is detected.

As well as helping monitor environments, integration of AI into data containers will also allow granular, context-specific decisions to be made and enforced around access to the data inside those containers.

These decisions will be adaptable based on the circumstances of access – for example, the location or device used by the person requesting access – and enforced at a highly granular level.

“An AI-based system will be able to look at intelligence systems, contracts, and business relationships, then decide whether a system should still be accessible and whether someone has the right to share that data or not,” Roemer said, noting that the 'all-access pass' – conventional user ID-and-password gateways – had to evolve.

“Access needs to be continually evaluated and contextual,” he explained, “and ultimately data is going to need to be really self-controlling. All of us change our situations throughout the day and your access needs to be constantly evolving to meet the unique risks of each of those situations. Eliminating the all-access path is about making the access very specific to the risk that is presented.”