Technology Cloud Report: In the AI era, what are the new requirements for building cloud security?

Technology cloud report original.

With the acceleration of enterprises' migration to the cloud, a series of cloud security issues have gradually been exposed. Cloud security issues have received attention, and the market has continued to expand.

Gartner's "2022 China ICT Technology Maturity Curve" shows that cloud security is already at the peak of the embryonic stage of technology, and is expected to reach the mature stage of technology production within 2-5 years.

At the same time, in order to improve efficiency, the application and exploration of AI in various scenarios has never stopped. In particular, generative AI has emerged and been quickly applied to all aspects of enterprise production and innovation, showing amazing capabilities and effects, and it also presents additional challenges and opportunities for cloud computing security.

Therefore, the combination of AI and cloud security is imperative. On the one hand, it is necessary to pay attention to the security solution of intelligent production. On the other hand, empowering cloud security with AI will build a stronger defense mechanism.

Cloud security challenges and countermeasures under intelligent production

Generative AI lowers the application threshold, but it also places higher requirements on an enterprise's data platform.

However, many companies are not yet capable of building such a demanding data platform, or have not established a strong IT department for operational management.

  • Data and model security is the key to building AI applications

Training a generative AI model requires a large amount of unstructured data. Even if an enterprise directly fine-tunes a ready-made model, it still needs high-quality data.

If the enterprise does not define data boundaries and permissions, and has insufficient control over application APIs, data leakage is likely to occur. In the "Top Ten Security Risks of Large Model Applications" released by OWASP this year, data leakage ranks second.

At the same time, generative AI and large language models bring a new challenge to the internal control mechanism of enterprises.

The demand for using open large language model services requires companies to implement finer-grained control over internal data assets and other information assets.

Therefore, data governance throughout the entire cycle of generative AI is necessary: from the acquisition of data sources, to data storage and query, and then to the transmission of data to the AI platform for model training, tuning and inference. End-to-end data security must be ensured throughout this data flow, providing safe and valuable data input for generative AI applications.

For example, Amazon Cloud Technology provides enterprise data with encryption and protection services covering storage, transmission, use, and governance.

Users can use Amazon Key Management Service (Amazon KMS) and deeply integrate it with many Amazon Cloud Technology services to easily protect a variety of data; they can also use Amazon DataZone for governance services throughout the entire data cycle.

In addition, Amazon Cloud Technology has also launched a sensitive data protection solution, which can realize the automatic discovery of enterprise sensitive data and manage data assets on a unified platform.

The solution allows customers to create data catalogs, define sensitive data types using built-in or customized data identification rules, and automatically identify sensitive data using machine learning and pattern matching. It also provides a visual panel that makes it easier for customers to manage sensitive data and its protection.

In addition, the security protection of the model entering the production environment after training is equally important. It is necessary to ensure the security of data input and prevent data tampering. At the same time, more attention should be paid to security compliance and the removal of sensitive data during data processing.

  • Application security is the guarantee to realize the value of AI

The first stage in securing applications is security in the development process (DevSecOps).

Security needs to run through the whole process, from development through continuous integration and continuous deployment to production, monitoring and feedback.

The second stage is security in operation. For secure access to applications, enterprises can build zero-trust application access policies.

These make on-demand authorization and authentication possible. Zero trust is not a standard tool or solution, but a set of mechanisms that needs to be drilled and tested.

At the same time, it is also necessary to manage the permissions of the applications that access the large model to ensure that only applications with specific permissions can access or call the custom API in the large model.

At the Amazon Cloud Technology re:Inforce 2023 conference in China, Dai Wen, director of the Solution Architecture Department of Amazon Cloud Technology Greater China, mentioned, "It used to be isolated by application and network boundaries, but now the sense of defensive boundaries has changed. Pure application and network boundaries are no longer enough to isolate, thus accelerating the implementation of zero trust in the enterprise."

However, Dai Wen also emphasized that when paying attention to AI security, we should not only focus on the AI application itself.

"From the beginning of construction, we need to take security as the core link in the development of enterprise AI strategy. From a full-stack perspective, we will comprehensively examine the security specifications, technical strategies, and platform tools of applications, models, data, and infrastructure. Generative AI applications are like icebergs on the ocean, and if we want to safely harness this new technology in the enterprise, we also need to pay attention to the glaciers under the ocean."

Dai Wen, Director of Solution Architecture Department, Amazon Cloud Technology Greater China

AI + cloud security is expected to accelerate the journey to the cloud

The "2023 Global Cloud Security Report" released by Cybersecurity Insiders this year shows that rising costs, compliance requirements, the complexity of hybrid and multi-cloud environments, a sharp decline in visibility, and a shortage of skilled personnel are forcing companies to slow down or adjust their established cloud deployment strategies.

Therefore, although the overall speed of enterprise workload migration to the cloud is still showing a steady upward trend, the cloud deployment rate has stabilized year-on-year, and cloud security is still a key pain point in the journey of enterprises to the cloud.

Because cloud security products are easy to use, require no cumbersome installation or debugging, can be deployed directly, and can be paid for on demand, they do not place an additional burden on enterprises' security costs.

Therefore, Chinese enterprises invest in cloud security deployment at a level similar to that of other international enterprises.

The more powerful defense mechanism built by AI + cloud security provides more possibilities to solve this problem and improve the cloud deployment rate. At present, many cloud service providers are still exploring.

First of all, in terms of compliance, although relevant laws and regulations are becoming more complete, important data is moving to the cloud faster, the amount and types of data continue to increase, and customers' business needs are constantly changing, so the difficulty of compliance should not be underestimated.

Applying AI to compliance services can provide security control for large-scale batch reviews, use automation to reduce manual operations and therefore errors, use AI to provide consistency judgments, and use AI/ML technology to realize automatic reviews, comprehensively improving compliance efficiency.

Secondly, AI can help achieve intelligent control and recording of management permissions, and these records can support permissions and deployment, from authority control to network control to overall automated management, including auditing.

In addition, AI can be used to automatically scan for code vulnerabilities, software defects, and false positives during the integration process, and to respond in a timely manner.

Epilogue

At present, cloud security is still dominated by AI empowerment. However, with the continuous application of generative AI, enterprises have shifted from focusing on how advanced the technology is to focusing on the business value it provides, and the people raising the requirements have changed from technical leaders to business leaders. It will become an inevitable trend for AI empowerment to develop towards AI native.

Establishing a better, compliant, and secure AI application has also become a top priority. A stronger defense mechanism will ensure that AI can play a greater role and have a better development.

[About Science and Technology Cloud Report]

Focus on original enterprise-level content experts - technology cloud reports. Founded in 2015, it is the top 10 media in the cutting-edge enterprise IT field. Recognized by the Ministry of Industry and Information Technology, Trusted Cloud, one of the official media designated by the Global Cloud Computing Conference. In-depth original reports on cloud computing, big data, artificial intelligence, blockchain and other fields.

Origin blog.csdn.net/weixin_43634380/article/details/132713498