Guest blog courtesy of TD SYNNEX and authored by Tracy Holtz, Vice President, Cloud Solutions, Americas, TD SYNNEX
Although artificial intelligence (AI) is becoming an increasingly valuable and desirable tool for the enterprise, many are still hesitant to implement it for fear of higher security risks.
This is understandable, of course: I even talked about the pros, the cons and how to strategize around the AI revolution a short time ago myself.
“Any exposure to internal data on an AI-enabled network — or really anything a user has access to on that network — becomes a tool for hackers to more easily find things.” Said John Peterson, Senior Manager of Microsoft Cloud Sales and Engineering at TD SYNNEX.
But just because AI can be a cause for concern does not mean we should run away from it. In fact, if you’re a security provider or an MSSP right now, you should be running towards AI — not just because it’s a key enablement tool for security teams, but when we break it down, it doesn’t require much more work to secure than most other cloud network builds.
“When it comes to stopping bad actors from tampering with AI on cloud networks, we just need to do the basics — and yes, they are super important!” Said John, who has worked with Microsoft on thousands of AI-enabled cloud network builds through TD SYNNEX, building a comprehensive system to ensure his team offers customers the best protections.
Through his experience, he cites two easy-to-implement security and anti-phishing tools as a good starting point for enterprises to secure AI-enabled cloud networks:
Multi-Factor Authentication (MFA)The first tool to understand and implement is multi-factor authentication (MFA) — and although this solution is often discussed as a pillar of modern security, it is only selectively utilized in practice.
“MFA — at least from my chair of having implemented millions of seats across Fortune 20 companies, SMBs and the mid-market space — is often forgotten,” John said about MFA. “All of the companies I’ve seen get hacked don't even have this feature turned on!”
MFA is a simple password methodology where users must present two or more pieces of ‘evidence’ to an authentication mechanism to confirm their identity on a network. This evidence could be a combination of things — such as a password and a text message code, or a PIN and a retina scan — but typically, a standard MFA requires identities be confirmed with at least two of the three following categories:
- Something You Know (Like a password or PIN)
- Something You Have (Like a work badge or a smartphone)
- Something You Are (A feature that’s distinctly yours — like your voice or fingerprints)
By implementing something as simple as MFA, you can have a massive impact on cloud security. In fact, recent Microsoft studies show that 99.99% of MFA-enabled accounts remained secure in the event of a cyberattack.
“To be clear though: MFA doesn't solve all problems, but it does solve a lot of them, making it far more difficult for bad actors to get through to an identity.” John concluded, adding that there is one other tool that makes the difference when it comes to securing AI-enabled cloud networks.
Identity and Access Management (IAM)
The second tool partners can easily implement and use is identity and access management (IAM).
Although protecting the individual account with MFA needs to be done, protecting the data a particular user account can access on a network is just as critical — and IAM was made to help organize and optimize networks at this stage!
IAM enables secure access to company resources (like emails, databases and applications) to verified identities. This helps manage data access without an overbearing sense of interference, allowing the right people to do their jobs quickly, while ensuring the wrong people are denied entry.
Sounds great on paper, right? But implementing IAM can become a major challenge for larger and well-established companies, particularly if these organizations have been generating information on various networks for a long time or do not implement any data governance as they grow their business. But experts like John agree the effort to organize data with an IAM tool is worth it: especially if it prevents “over-permission” from occurring.
“Let's just say I’m in the payroll department and have a file with everybody’s salaries and bank account numbers in it.” John continues, citing a quick example of over-permission, “But this file does not have any data governance attached, or even a good IAM tool to help classify it. If that file is shared and there's no protections on it, everybody will see everybody else’s personal information and that's definitely not what a company wants.”
By implementing an IAM platform with granular data permissions and an easy-to-use management portal, you can help determine what data your client’s departments, teams and even individual users can access on the cloud network and the AI tool it works with. MSPs and other similar types of businesses have a major opportunity to use IAM to help a client with their data governance, all while further securing networks in the case of a breach.
The True Test for Secure AI-Enabled Cloud
The final piece of advice John has for partners who want to explore secure AI in cloud networking is ensuring clients have an executable plan to regularly assess and maintain their company’s data security.
“Most organizations haven't done a lot of due diligence around making sure their data is secured correctly, and that is often the biggest lift when it comes to starting and maintaining AI-enabled cloud networks.” John said, “An organization needs to go through all their documents, sites and databases regularly to make sure they are appropriately protected.”
John confirms that the evaluation and establishment of a data security and maintenance plan is often one of the most time-consuming parts of implementing AI properly into a cloud network — but there is help in the market for people who need it!
Partners in the IT channel, like AvePoint, have been working diligently to create security assessments for AI security, particularly for Microsoft’s new Copilot AI assistant. These assessments can help partners quickly identify their vulnerabilities and repair them before any updates or new tools are implemented.
You can learn more about service offerings like these by attending AvePoint’s on-demand webinar, which covers their Copilot security assessment and remediation service. Plus, if you watch the webinar before March 31, 2024, you could get a three-month free trial of AvePoint’s Copilot assessment to use on any end user!
