AI-Powered Cloud Security: More Resilience and Adaptability
AI-powered cloud security: the next step in the evolution of security?

AI in cloud security has been a hot topic recently, with massive growth and new capabilities being released by public cloud providers to support organizations and their cloud security posture. Matthew Parven of Immersive Labs shares a number of exciting areas in which AI can be used within cloud security.
Companies are increasingly moving to the Cloud due to the wide range of benefits and advantages that cloud computing offers. According to McKinsey, most large enterprises aspire to have 60% of their environment in the cloud by 2025. While cloud computing adoption continues to grow, security teams face several challenges in the Cloud, ranging from misconfiguration to lack of knowledge and talent. Organizations must address these issues to ensure the security posture and integrity of their cloud environments.
Cloud security is a responsibility shared between the cloud service provider and the customers using its services. The customer is responsible for many tenets of security, including identity and access management (IAM), network security, data protection, incident response, API security, and much more. This can saturate security teams, which are often fatigued by security-related alerts in the Cloud.
Detecting Misconfigurations
Misconfigurations in the Cloud are a common occurrence. The 2022 IBM Security X-Force Cloud Threat Landscape Report revealed that cloud vulnerabilities have grown 28% since 2021 and are likely to continue rising year on year as cloud adoption increases.
To combat this issue, many cloud providers and cloud security posture management tools provide AI-driven services, which use advanced analytics and machine learning algorithms to detect misconfigured resources within cloud environments. These services continuously analyze the configuration settings and security policies of cloud resources against established best practices and industry standards. Many of these AI-based solutions can learn from historical data and security incidents to recognize patterns that might lead to misconfigurations.
These services can also provide recommendations and even automate the remediation process. Automated remediation helps keep deployed resources secure, but it can also lead to incidents in which a service fails because a resource it depends on (networks, permissions, etc.) has been changed.
Behavioral Analysis
Whenever you hear about cloud breaches, the incident often starts with the leakage of some sort of credential, from simple passwords to keys used by service accounts.
Behavioral analysis (sometimes called User and Entity Behavior Analytics) techniques are extremely powerful, as they can be used to continuously monitor and analyze user behavior, application usage, and network activities to establish a baseline of normal behavior. When an attacker accesses credentials, they often aren’t acting the same way the actual owner would, and behavioral analysis can detect deviations from this baseline that can then be flagged as potential security incidents or anomalies that require further investigation.
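The baseline-and-deviation idea can be shown in a few lines. The Python below is an added example, not code from the article or from any vendor's product: it builds a per-identity baseline from constructed audit events and flags later events that deviate on several dimensions at once. The event fields, the one-hour tolerance and the two-signal threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events (not real logs):
# (principal, UTC timestamp, source network, API action)
HISTORY = [
    ("svc-backup", "2024-05-01T02:05:00", "10.0.4.0/24", "s3:ListBucket"),
    ("svc-backup", "2024-05-02T02:07:00", "10.0.4.0/24", "s3:GetObject"),
    ("svc-backup", "2024-05-03T03:01:00", "10.0.4.0/24", "s3:GetObject"),
    ("alice", "2024-05-01T09:15:00", "203.0.113.0/24", "ec2:DescribeInstances"),
    ("alice", "2024-05-02T10:40:00", "203.0.113.0/24", "s3:GetObject"),
]
NEW_EVENTS = [
    ("svc-backup", "2024-05-04T02:10:00", "10.0.4.0/24", "s3:GetObject"),
    ("svc-backup", "2024-05-04T15:30:00", "198.51.100.0/24", "iam:CreateAccessKey"),
    ("alice", "2024-05-04T11:00:00", "203.0.113.0/24", "s3:ListBucket"),
]

def build_baseline(events):
    """Record the hours, source networks and actions seen for each principal."""
    base = defaultdict(lambda: {"hours": set(), "nets": set(), "actions": set()})
    for who, ts, net, action in events:
        base[who]["hours"].add(datetime.fromisoformat(ts).hour)
        base[who]["nets"].add(net)
        base[who]["actions"].add(action)
    return dict(base)

def deviations(event, baseline, hour_slack=1):
    """List the dimensions on which one event departs from its principal's baseline."""
    who, ts, net, action = event
    if who not in baseline:
        return ["unknown principal"]
    seen, hour = baseline[who], datetime.fromisoformat(ts).hour
    reasons = []
    # Circular distance so 23:00 and 00:00 count as adjacent hours.
    if all(min((hour - h) % 24, (h - hour) % 24) > hour_slack for h in seen["hours"]):
        reasons.append("unusual hour")
    if net not in seen["nets"]:
        reasons.append("new source network")
    if action not in seen["actions"]:
        reasons.append("new API action")
    return reasons

def triage(events, baseline, threshold=2):
    """Keep events deviating on `threshold`+ dimensions (or with no baseline) to limit noise."""
    scored = [(e, deviations(e, baseline)) for e in events]
    return [(e, r) for e, r in scored if len(r) >= threshold or "unknown principal" in r]

if __name__ == "__main__":
    for event, reasons in triage(NEW_EVENTS, build_baseline(HISTORY)):
        print(event[0], event[3], "->", ", ".join(reasons))
```

Requiring more than one deviating signal before alerting is one simple way to keep a baseline detector from adding to the alert fatigue described earlier.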
Generative AI in Cloud Security
Generative AI for cybersecurity has seen massive growth over the past year, with many new tools and services such as Microsoft Security Copilot and Google Cloud Security AI Workbench, a platform that is powered by Sec-PaLM, Google’s own large language model that is fine-tuned for security use cases.
These tools use a mixture of AI-powered tools and feeds to allow users to quickly respond to threats by generating responses to text-based queries. For example, a user could ask, “when did the user [email address] last log in?” or as part of a larger incident investigation, a user could ask, “show me which email addresses received the malware link.” Not only does this massively speed up the triage of incidents, but it potentially allows security analysts who might not have the specific skills needed to investigate an incident to still have the ability to triage an incident by relying on the AI and its knowledge feeds.
What’s the Catch?
AI can be used as a force for good in cloud security, but its implementation needs to be carefully considered. While one of AI’s primary benefits is reducing fatigue to security teams working in the Cloud, the potential for false positives and negatives generated by AI-based threat detection systems is still high. Many of the AI features available in the Cloud to support cloud security can be turned on very easily, often without needing fine-tuning. This can lead to huge amounts of unnecessary alerts and noise. It’s important that any AI tooling being used has also been defined in a clear context and deployed properly.
Privacy is also of utmost concern, especially in the Cloud where “where and who is processing my data?” is frequently raised by organizations. Artificial intelligence’s reliance on well-structured and quality data can raise data privacy concerns, particularly when processing sensitive information in cloud environments. Remember, those large language models are essentially being trained on data and attacks that could be happening in your environment.