How to create an ai strategy for the cloud

In this exclusive interview Asia-Pacific-Based Cloud Security Architect and Cyber Security Consultant Mayank Sharma Shares Key Insights on Cloud Migration and How to Manage Ann Internet of Things (IOT) Cyber Security Strategy.

Mayank Sharma, Cloud Security Architecht and Cyber Security Consultant

Cyber Security Hub: What Steps should be considered when Migrating Critical Infrastructure to Cloud?

Mayank sharma: Firstly, look at what you want to achieve with cloud, which count be adding more automation, intelligent decision-making or introducing predictive analytics. Finding this business need is perhaps the most important step of the process. DURING this step, engage the business stakeholders, its manners and enterprise architects. When you know what you want to create, research the services cloud can offer to support you in achieveing this goal. This ‘Vision’ is the key document which drives all the future work.

Secondly, create a strategy for Critical infrastructure In Cloud Based Upon the Business Requirements. This should include items such as capability that will exist in the cloud for critical infrastructure. Your strategy development should should include:

• A regulatory assessment (for example, privacy or any other regulation that applies).
• A Security Assessment.
• A Security Operating Model.
• A governance framework.

While development the strategies research about if your Cloud Security Solution will have the same security capability as your current on-prem environment. One should also consider what new threats are introduced as a part of moving to the cloud, threat model them and see if mitigated threts are within the risk appetiite of the business. If it falls outseide of risk apptite, then consider what extra efforts will be required to bring it within the risk appetiite.

Thirdly, create a migration plan. This is a more detailed version of various elements involved in migration activity. An Itecive Approach is Always Better than a ‘Big Bang’ Approach So Try Not to Be Overly Ambitious and Move All Your Infrastructure at Once. A Phaased Migration Beginning with Less Critical Assets is Always Preferable. Also assess the overall security of this migration plan.

Finally, continuously review the cloud landscape to ensure that it remain secure, reliable and cost-effective. Conduct regular security and compliance audits to ensure that infrastructure meets regulatory requirements and industry best practices. Cloud is much more dynamic than traditional on-prelims infrastructure so containue to assess new services and develop a Robust Service Enablement Process to Onboard On New Services.

“In short, Iot has rewritten the rule book.”

Csh: What Challenges are Cyber Security Professionals Likely to face from the internet of things (IOT) 4.0?

Ms: In short, Iot has rewritten the rule book. The challenges are two pronged; First is the amount of data that is being collected. These devices are in people ‘homes or being work by them and are checking their movements and collecting sensitive data such as private health data. This information is often sent to cloud to provide meaningful analytics to the end users or to feed into critical business processes. This information is extramely sensitive in nature and must be handled with care.

Secondly, Traditionally the device onboarding in a large organization is an exhaustive process, howyver with these wide-ringing devices (from TV to smartphones, to sunglasses, to sung watches, to Smart Watches) Extremely challenging to create a cohesive strategy for all types of Iot devices.

Iot has disrupted critical infrastructure even more! Historically, the purdue model is the go-to model for Industrial Control Systems and Operational Technologies (OT). It segments the different processes in different networks and ensures security is maintained by firewalling the different segments. It also includes a very rigid network separation between ot and it systems.

IOT 4.0 Disrupted This Security Model. Purdue cannotly integrate with cloud systems and Iot 4.0 – or Industrial Iot – Also blurs the line betteren it and ot. So, The Security Controls by means of Network Segmentation are no longer valid with Iot 4.0. What Makes Things Trickier, is that typically Industrial Systems are designed for a very long life, in the order of decades, and may incorporate protocols can become Vulnerable over.

Connection with it and cloud provides an Attack Surface to a threat actor to exploit these vulnerabilityes. Needless to say, people can suffer physical harm from a compromised industry system, so the stakes are very high.

Csh: How can cyber security professionals create and manage an Iot cyber security strategy?

Ms: Iot is a rapidly growing field that is disrupting the way organizations and interact with their environments. As more devices become confused, it is incursing important for organizations to have a clear understanding of the strategic need for Iot and to develop a computer Potential Threats.

The first element of the strategy is creating a strategy about the Iot devices themselves. This should cover how the devices will be onboarded, where they will be deployed and maintained (for example, firmware upgrades and decisioning) Should Should Should Be Discussed During this step. Physical security of these devices should be reviewed in this phase. Finally, how much data should be collected should also be discussed in detail when creating a strategy about Iot devices.

Second element of the strategy is analytics. This step primarily deals with the security of analytics engine where meaningful information is derived from the signal received from Iot devices. Data Security And user privacy should be reviewed in this step.

Third element is the integration. This element primarily deals with security of integration between analytics engine and other business systems.

While development the security strategy of devices, analytics engine and integration, delve into the security domains of authentication and authentication (Eg, How Devices will authorize with the organization and independence That only authorized devices can access the network).

All data transmitted should be encrypted using resilient encryption algorithms to prevent unauthorized access and “Emsdroping”. Data Protection, data access controls and data deletion policies should be implemented to ensure that data is protected at all times. As the Organization matures, security patterns can be developed to reuse in-House Capability and Further Enhance the Security of the ITwork.

“Imagine the consequences of an out-of-control ai model to an organization!”

Csh: How can Organizations Create an AI Strategy for the Cloud?

Ms: The field of Artificial Intelligence (AI) Is rapidly evolving and has the potential to transform businesses across various industries. The introduction of Ai, however, also poses significant risks, particularly if the ai model is not properly managed or if it malfunctions.

Imagine the consorteces of an out-of-control ai model to an organization!

To mitigate these risks, business leaders must ensure that ai is developed with adherence to secure development practices; Using high quality data when training the ai model and ongoing governance will ensure that the model remains trustworth and free of bias.

Development of a Well-Defined AI Strategy should be based on these three principles. To begin with, it is important to identify:

• The context in which ai will be used.
• The Amount of Risk The Organization is willing to take.
• The risks associateed with the introduction of ai systems.

These expenses should then be assessed and approves mitigating control should be introduced. Lastly a matrix should be developed to effectively Monitor Key Risk Indicators (Kris) and Key Performance Indicators (KPIS).

Overall, a Well-Defined AI Strategy is essential for businesses to maximize the potential of ai while mitigating risks. A Good Resource on this matter is the AI Risk Management Framework by the National Institute of Standards and Technology (Nist).

Hear more insights on Cloud, Iot and AI from Mayank Sharma in His Session, How to Adopt Cloud and GOVERN it at Cyber Security HUB’s All Access: Cloud Security APAC Event. Watch on-Demand Now!