AWS re:Inforce 2024
Cloud Data and Ai Security in 2024 What You Need to Know Dap202 S

Title: AWS re:Inforce 2024 - Cloud data and AI security in 2024: What you need to know (DAP202-S)

Insights:

  • Introduction to Speaker and Topic: The speaker, Dan, previously the CEO of DigSecurity and now leading data identity and AI security for Prisma Cloud at Palo Alto Networks, introduces the session focused on cloud, data, and AI security.
  • Key Security Questions: Organizations struggle with three main questions:
    1. What data exists across their environments?
    2. How is that data being used?
    3. How can they protect that data?
  • Data as the Primary Target: Data stores are the main targets of attacks, emphasizing the need for specific data security controls.
  • Fragmentation and Complexity: The rise of multi-cloud environments, microservices, and AI deployments has increased the complexity of data security.
  • Discovery and Classification: Effective data security starts with discovering and classifying data stores automatically, without manual connections.
  • Data Security Posture Management (DSPM): DSPM involves discovering, classifying, and contextualizing data to manage risks and compliance.
  • Data Detection and Response (DDR): DDR focuses on real-time monitoring and response to data interactions, detecting anomalies like mass downloads or uploads.
  • Out-of-Band Solution: The solution integrates without deploying agents or proxies, ensuring zero interference with customer environments.
  • AI Security as Data Security: AI security is viewed as an extension of data security, focusing on protecting data fed into AI models.
  • Customer Use Cases: Examples include identifying misconfigurations and over-permissive access, and visualizing data flows and risks.
  • Operationalizing DSPM: Successful implementation involves engaging various stakeholders, automating processes, and integrating with existing workflows.
  • Future of AI Security: Emphasis on governing AI data, understanding AI model risks, and ensuring responsible AI practices.

Quotes:

  • "90% of organizations today still can't answer the first question here: What data exists across my AWS, Azure, GCP, Snowflake, On-Prem, SaaS?"
  • "Data stores are always the actual target of an attack, right? That's how you monetize an attack on a specific organization."
  • "We built a data security platform that is aimed to essentially protect data in the world of generative AI and the world of multi-clouds."
  • "We will never use a connection string. What we essentially do is every single time we find a data store, we either take a backup, an export, or a snapshot of that running data store."
  • "AI security is a data security problem, right? We still need to find all the AI services."
  • "The combination of both static data analysis and real-time data analysis is a complete data security platform in our view."
  • "We will never see your data, we will never copy your data. Everything remains in the customer's environments."
  • "The goal behind breach readiness was to make sure that in case we'll have a breach, our response is fast."
  • "AI security is a subset of data security. Simply jumping ahead and going just to secure AI or AI security generated data will not, without having the foundations of data security, will not be sufficient."
  • "Having a tool that works for you versus you having to work for it, I think is a very important factor."
Cloud Compliance Journey Compliance and Audits Grc201Cloud Security Reimagined the Generative Ai Advantage Aps221 S