CISOs and other security heads should consider security needs of AI and cloud tech

If you’ve found yourself thinking about the security of new tech lately, you’re not alone.

AI and cloud computing have surged in importance across the tech world over the last year, trends reflected in a report from learning company O’Reilly Media last month.

The report found a staggering 3,600% increase of interest in GPT generative AI model units in 2023 on the O’Reilly platform and a 175% increase in use of the “cloud native” topic, indicating the surge in curiosity on the part of users and professionals. O’Reilly noted that the information comes from the platform’s “units viewed” metric, a way that the company analyzes how its content is digested by its audience.

“Remember that these ‘units’ are ‘viewed’ by our users, who are largely professional software developers and programmers,” the report cautioned the reader. “They aren’t necessarily following the latest trends. They’re solving real-world problems for their employers.”

Slotting in. Those numbers shouldn’t be a shock. For IT team leaders and higher-ups navigating the security space, part of the job is keeping abreast of new developments and ensuring that adoption of new tech comes with protection.

Nick Godfrey, senior director and global head of the office of the CISO at Google Cloud, told IT Brew that he and his team view the role of the security officer as one that involves paying attention to evolving tech that their organizations use.

It’s all about being prepared and “being able to continually adjust your programs, your capabilities, your controls, and your security defenses in light of changing threats—but also in light of changing the backdrop of technologies,” Godfrey said.

“That concept of threat-led security programs and using threat intelligence to inform your decision making in how you’re allocating resources and budgets is important,” he added.

Uncle SaaM. Government officials are taking notice. A proposed regulation from the Commerce Department’s Bureau of Industry and Security (BIS) would push back on foreign attacks against domestic cloud services by introducing a number of steps that infrastructure-as-a-service (IaaS) providers would have to take to identify and track foreign users of their platforms.

The rule is meant “to address the risk of foreign malicious actors using US cloud services that could be used in malicious cyber-enabled activity to harm US critical infrastructure or national security, including to train large artificial intelligence (AI) models,” according to a statement from the BIS.

With that much back and forth over new and evolving technologies, security leaders need to take notice, Godfrey said. In his view, integrating cloud and AI into your security posture is becoming necessary.

“One of the things we like to talk to CISOs about is, how do you leverage your organization’s desire to adopt cloud or to adopt AI to improve your security? So instead of viewing those things as potential threats or potential problems, you view them as potential opportunities, you really get behind them,” Godfrey told us. “And as a result of enabling your organization to do those things, you also start changing security.”