As artificial intelligence becomes increasingly relevant, the mandate to prioritize data security has never been more pronounced in the enterprise. However, artificial intelligence for IT operations is introducing new threat vectors for malicious actors to infiltrate networks, steal crucial data and proliferate ransomware. How can companies approach the delicate task of balancing efficient cloud operations with cybersecurity for AI?
Teradata’s Billy Spears talks with theCUBE about cybersecurity for AI.
“Today we have these cloud products, two amazing products customers can choose from,” said Billy Spears (pictured), chief information security officer of Teradata Corp. “And inside of that, we’ve built things like threat models. That’s all the behind-the-scenes risks. We think about it so you don’t have to. Then what we do is take that information and we build things in with all kinds of application security testing. We start from the open-source testing; we bring it in on a static environment. Once we’re ready to go to production, we have [a] runtime environment.”
Spears spoke with theCUBE Research’s Rob Strechay and co-host Savannah Peterson at Teradata Possible during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed Teradata’s blueprint for companies navigating the complex intersection of cloud computing, AI and regulatory compliance. (* Disclosure below.)
Cybersecurity for AI: Overcoming regulatory and compliance challenges
Today’s companies struggle with the unique challenge of cybersecurity for AI. Malware and worms can infiltrate AI systems in unpredictable and unforeseen ways. Due to their inherent learning capabilities, AI systems have access to vast amounts of data, making them prime targets for cybercriminals looking to exploit vulnerabilities, Spears noted.
“Nobody knows where the cloud is, but all it is taking [is] physical infrastructure, things you can touch to virtualized infrastructure,” he said. “Maybe yours [is] in Microsoft, and it’s sunk in the middle of the ocean. What we have around security is [a] purposeful investment across all the major categories. We don’t worry about defensive layers, we don’t worry about the posture. We follow the data at the scale you want, and we meet you wherever you are, and we have options for you.”
The world of regulatory compliance is complex. As more organizations migrate to the cloud, they face stringent regulations and security frameworks, often tailored to specific industries or regions. From Payment Card History to the Health Insurance Accountability and Portability Act and from the International Organization for Standardization to Security Operations Center certifications, businesses must adhere to a wide array of security standards. In cloud environments, these standards become even more intricate due to the global nature of data transfer. Customers face a heavy burden in managing hundreds, if not thousands, of controls for regulatory compliance, according to Spears.
“It’s complicated, and there are so many regulations, rules and frameworks … there are so many different sets of controls,” he said. “We’re talking hundreds if not thousands of controls you have to think about. On-prem, you have to manage that all by yourself. In the cloud, we do all that homework for you, which is phenomenal.”
The Digital Operational Resilience Act standard, for instance, is set to come into force by 2025. It will be one of the most stringent compliance regulations to date, particularly for the financial sector. The act mandates cloud recovery capabilities to ensure financial services can continue operating with minimal downtime, adding a new layer of resilience to cloud infrastructures, according to Spears.
“We know exactly where this DORA is, and it is probably the most stringent regulation since we’ve seen [the General Data Protection Regulation],” he said. “We’re already ahead of those things. We have all these certifications across all of our product lines now, and we’re still achieving greater heights.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of Teradata Possible:
(* Disclosure: TheCUBE is a paid media partner for Teradata Possible. Neither Teradata Corp., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)