AI will help virtualised data containers manage their own security, access control

Normalising the use of artificial intelligence will improve decision-making and contextual access control, security strategist predicts

Although virtualised data 'enclaves' offer the best control over enterprise data now, CISOs will increasingly rely on artificial intelligence (AI) technologies to keep ahead of changing threat exposures as data becomes increasingly “self controlling”, one leading security strategist has predicted.

Organisations that use virtualised enclaves to contain and segregate enterprise data in mobile devices “are getting the best return on their investment,” Citrix chief security strategist Kurt Roemer told CSO Australia. “By mobilising data in an enterprise container that's treated as a set of project-based enclaves on the mobile device, your enterprise data never leaves your control. That lets you focus resources on sensitive data and not just on the security technologies and controls that are supposed to apply to everything.”

As the logical isolation of data became commonplace and enabled businesses to move key data between devices securely, growing integration of AI technologies into the control fabric of those enclaves would help security technicians not only improve the collection of security performance information, but also locally identify potential breach conditions that are conveyed to administrators in real time.

This approach would enable the modelling and enforcement of security controls around formal service level agreements (SLAs) that would be managed and reported on by increasingly intelligent, self-managing containers that would maintain security capabilities even when the workloads were placed into cloud environments.

AI tools will be essential in “considering the workflows that take into account the different relationships, networks, and boundary conditions that help provide the right level of risk in the organisation,” Roemer said. “When you do that, it often leads you to different conclusions than you get on the network you may have in place right now. You really have to break with the past; having security built into the SLA is a completely different way of looking at it.”

Folding security considerations into SLAs will go a ways towards alleviating executive concerns that security incidents such as DDoS attacks could potentially breach such agreements: one recent survey found SLA violations were named by 55 percent of executives as a key concern when ranking potential repercussions from a security breach.

Security aspects of SLAs have also been named as a key consideration in enterprise relationships with suppliers and other third parties. Although the integration of AI and SLA-focused security practice will be increasingly important in emerging distributed enterprises, many of those companies are still struggling to make the change while legacy systems remain in place; rather, Roemer said, companies usually only get to that stage after a breach or during a major business change, such as merger and acquisition activity.

Fully realising the potential of AI technologies will require a more mature perspective of the technology, he added, noting that most organisations still think of AI primarily as a tool for automating security log analysis.

“They're thinking about how they can get a lot of intelligence from the logs they're collecting,” he explained. “It's a good first step but really is a minor evolution. To fully leverage AI will require getting into a dev-test mentality and thinking about how you can use information from multiple sources. Instead of having the AI system automate something you already have in place, you should use it to provide actionable intelligence that you wouldn't otherwise have had – or that a human wouldn't have been able to come up with.”

Those insights would become more evident as AI tools allowed security monitoring policies to extend to parts of the enterprise that might never normally be visible in the same context. For example, AI might not only be used to look for anomaly conditions and alert administrators, but to monitor paths of communication between application components and automatically reroute that traffic if an issue is detected.

As well as helping monitor environments, integration of AI into data containers will also allow granular, context-specific decisions to be made and enforced around access to the data inside those containers.

These decisions will be adaptable based on the circumstances of access – for example, the location or device used by the person requesting access – and enforced at a highly granular level. “An AI based system will be able to look at intelligence systems, contracts, and business relationships, then decide whether a system should still be accessible and whether someone has the right to share that data or not,” Roemer said, noting that the 'all-access pass' – conventional user ID-and-password gateways – had to evolve.

“Access needs to be continually evaluated and contextual,” he explained, “and ultimately data is going to need to be really self-controlling. All of us change our situations throughout the day and your access needs to be constantly evolving to meet the unique risks of each of those situations. Eliminating the all-access path is about making the access very specific to the risk that is presented.”

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place