Name: Safety First: Securing Your Organization’s Data in the age of AI
Uploaded: 2025-08-19T16:01:33.352Z
Duration: 45 min 8 s
Description: Safety First: Securing Your Organization’s Data in the age of AI

Transcript for "Safety First: Securing Your Organization’s Data in the age of AI": Hi, everyone, and welcome to today's UNIFY webinar. I'm Ben Clark, a product marketing manager here at Nasuni, and I'm thrilled to be joined by Mariah Hara. Mariah is a three time Fortune 500 CISO and a leading expert in AI and cybersecurity at Vigilance Security, and she's helped dozens of companies upgrade their security and governance programs with current AI requirements. And so if the audience is not familiar with Nasuni, we are a cloud native file data platform, and we help organizations manage and protect their unstructured data at global scale to meet the evolving demands of modern IT. And increasingly those demands are being shaped by AI. And so that's exactly what we're here to talk about today, from emerging threats like deep fakes and data poisoning to new regulations and new security frameworks. AI is really changing how organizations think about data protection. So let's start with the big picture. It's no secret that the amount of data generated every day is exploding. I recently saw a stat by 2025, which we're we are here already, that 463 exabytes of data will be generated every day. And 90 of an enterprise data tends to be unstructured, and unstructured data is the world where Nasuni plays. So, Mariah, with this immense amount of data being created, how are you seeing AI adoption change the way organizations handle and think about this data? Thanks, Ben. Great to be here. Listen. We're in the middle of an AI gold rush, and the data that you're talking about is really the fuel feeding AI. And what I mean by that is, like, modern AI, especially LMs and Gen AI, are built to ingest and learn from unstructured data. Things like text, emails, documents, audio meetings, call center recordings, video and images. So the more unstructured data available, the more raw material AI has to learn, generate, and reason. And then at the same time, GenAI also creates a ton of unstructured data. So this creates this feedback loop, where AI both consumes and creates unstructured data fueling a lot of this exponential growth. Every organization now is trying to embed AI into workflows. They need a lot of that training data, the inference data. A lot of it contains proprietary sensitive information. I think what's really changed though is the velocity. So data isn't just being stored anymore with analytics, you know, studying the information. It's being processed in real time, and the data has to continuously evolve and change, you know, minute by minute, and this generates more real time data. So that's a huge shift from the traditional analytics environment that we've been in. Yeah. And when we talk about data security, I would assume our our legacy security and compliance practices just were not built for this pace. Is that right? Yeah. Exactly. So traditional, controls are very static. They focus on perimeter defense, access list, compliance checkboxes, but AI introduces dynamic data flows and very decentralized architectures. So you might have a model pulling from dozens of sources, public, private, regulated, and traditional tools simply can't track the lineage. And you're gonna hear me talk a lot more about that or assess risk in real time. That's where the gaps have emerged especially around unstructured data. Okay. And but before we get into solving this issue, we can start with an example. Are there any high profile examples that that really highlight these gaps in this this age of AI? Yeah. The the perfect example to me is the Microsoft three sixty five echo leak vulnerability that really hit, Copilot. It's happened in June 2025. And, really, what happened was a an attacker created an email that was, zero clicks. So you didn't have to open anything manually or click on anything. It was silent, and it had hidden instructions, for Copilot to exfiltrate sensitive data from a user's environment. So I see, the future of attacks actually, moving through a lot of agentic AI and into environments where users are interfacing with a lot of sensitive data that can be exfiltrated. Yeah. I mean, that's extremely interesting. Many of our customers today are leveraging Microsoft Copilot with their Nasuni data. But let's first let's jump back to solutions to these issues. And so Capgemini found that 68 of organizations using AI completely lacked formal governance or any security frameworks. And so this is obviously a major gap and and a reminder that most companies are deploying these powerful models without the proper oversight. And so what does secure by design really mean in today's AI context? Yeah. I think, you know, listen, as security professionals, we've all heard of secure by design when it comes to development, practices and and the shift left, and it's exactly the same thing. We need to have security and trust built in from the start before you write a single line of code, versus, you know, trying to scan for vulnerabilities after you've completed, the application. So so the the difference, though, is the data life cycle, when we talk about AI risk. So data lineage in terms of identifying the source, the classification, how it's being used, and, ultimately, what is being predicted on on top of is really where we need to to double down when we think of AI risk. Okay. And so if an organization wants to implement Secure by Design within their organization, what would you say are some of the core components that go into this this AI data architecture? Yeah. So I put together eight core updates that enterprises need to, upgrade within their security architecture process. You know, I've seen a lot of environments where they're still using old practices that don't, think about the new types of risk that AI applications are now introducing. So those eight really, you know, really start with what are your security requirements. You really need to look and understand, around what your state, local, federal, and global, if you have global clients, laws are in terms of how to manage AI risk, and I'm gonna be speaking about that in just a few minutes. So that's the first one. The second one is making sure that data ingestion and preprocessing, has the data classification I talked about, the sanitization, the validation checks. You know, just like in development environments now, you you really don't wanna be using, real data where you absolutely, don't need to. That that just increases the threat surface. The third one is vulnerabilities in AI and risk assessments. But now we're talking about scanning AI and ML code, as well as model artifacts. So you wanna make sure that GitHub or Azure, DevOps has vulnerability scanning happening. And, again, that's that's also a new area that that companies have to start thinking about and and integrate into their VM program. Number four, you know, this lies on the, the zero trust model. This is, again, one of the most fundamental areas, secure access control and authentication. Nothing has really changed here. You need to enforce strict controls, around your training environments, datasets, and model deployments. They often have a lot of sensitive information, so you really need to think about that. I know, Ben, you and I were talking about a stat that came out recently that less than 25% of developers use MFA to access, their ML ops environment. So so make sure that your, developers, have that second form of authentication. Number five, so model integrity and fairness. So you wanna this is where the bias and the fairness testing, needs to happen. You wanna make sure that if you're using a hiring algorithm, that the output isn't biased. You can't just assume that the vendor is doing the right thing because, ultimately, you will be liable for it. Number six, encryption and secure model deployment. I mean, again, nothing totally new here. Encrypting models at rest and in transit. I'm gonna talk in a couple minutes about why it's a little more complicated, but you wanna make sure you're deploying AI models in your cloud native environments with encrypted container registries. Number seven, real time monitoring and model drift detection. So just like you set up alerts, in a lot of your regular environments for any anomalies, you wanna make sure that, I'm gonna be speaking to this again. Suspicious behaviors doesn't just mean, you know, looks like some file execution is suspicious. It's also about the models making drastically different decisions one day that do not follow a a typical pattern. So making sure that you're you're alerting for that is very important. And lastly is incident response. So, have you updated your incident response plans around AI related incidents? And that means, you know, working with your model deployment, teams to make sure that you're reviewing root causes, you're up retraining even models if you need, and model integrity, monitoring is in place. I also, you know, just wanted to note, super important, a lot of people have been speaking about, MCP, so model context protocol. It's an open standard. It provides a universal interface for AI agents to read files, execute functions. The downside of that is typically prone to overprivilege. So we talked about Copilot, you know, having an agentic capability to extract. You know, if you give Copilot or or any other desktop AI tool access to your environment, it's it's going to be able to access a lot of sensitive information, not only on your endpoint, but in the environment. And what is it doing with it? Where is it sending it to? So I think that's where, you know, making sure that close controls are implemented around privilege. And, again, just using that zero trust model around AgenTek AI is going to be super important. Okay. And so with Nasuni being a hybrid cloud storage company, how would you say the cloud fits into this picture when you're developing these frameworks? Yeah. Absolutely. So cloud definitely, you know, provides some complexity because we talked about how, you know, the models need to pull in data sources for a lot of different environments. And when you think about, even encryption, we just talked about that in the in the architecture eight steps. It can be a lot more a lot harder because oftentimes, there's encryption in one part of the data life cycle, but not in another. So so make because it's so fragmented, because cloud services are so fragmented. So I I know a lot of us thought that we'd all be in one cloud environment. Many of us are in three cloud environments. So making sure that that end to end encryption in transit and and in rest is in place, is super important. I think the good news is a lot of a lot of companies have cloud security posture management and data security posture management tool and identity entitlement platforms. And you can really leverage those tools, to do quite a bit of monitoring, you know, in your AI environment. So just make sure you're applying those, to these new areas. Okay. Awesome. So there's a lot to consider there when it comes to creating a secure AI architecture, but, I wanted to get back to this this new threat landscape that that seems to be, evolving pretty fast. So what are some of these new AI specific attacks that organizations should be aware of? You know, generally, they just know ransomware, but what are we dealing with today? Yeah. So data poisoning is one that many of us have heard about. So it's when attackers inject bad data into training sets. And, research has shown that manipulating even one or two images in a dataset can have quite a bit of impact. And when you translate that into the enterprise, think about an insider that wants to that wants to conduct fraud and they work inside a bank. Most of a lot of there's a lot of classic stories that insiders inside banks manipulating transactions for their own benefit. So if you think of an insider working in the fraud department and manipulating your fraud detection algorithms to bypass, something nefarious that they're planning, that is a ripe opportunity for attackers to to take advantage. The other one is model theft, and and inversion. So that's basically reverse engineering, proprietary data as well as algorithms and decision making capabilities of the models by asking very specific questions. And at times, we've been seeing that there are override keywords that users have, discovered and and able to exfiltrate, a lot of sensitive customer information as well. The one that the one that I think we've all heard about, we've all felt, I'm most concerned about, I think it's gonna rock our world more and more every year, is the deep fakes and synthetic fraud. You know, I can't I know phishing and phishing testing for email is is been a big pillar in a lot of programs, but we haven't we just, you know, been at the tip of the iceberg in terms of what you can do with audio and video manipulation to socially engineer employees, to do what you ask. So, you that's that's a concern where I'm seeing a lot of companies, the CEOs are leaving voice fake CEOs are leaving voice mails and texts to their direct reports. It's pretty easy to go to LinkedIn and you see you can put together an organizational chart, and transactions have been happening, due to this type of deepfake, activity. I also heard a story about, a fake video, a person. I think we've heard we've heard and seen about these job applicants that are fake. And so when you're on a Zoom call, you know, attackers pretending to be someone they're not, is also a concern if you haven't locked down your your remote video, capabilities. The other, you know, lastly, what I'll say is, I know a lot of enterprises now have, verbal passwords between employees. So they'll use, authenticator apps and which generates onetime passwords, and the employee has to verbally articulate that password, when there's a critical transaction or if an employee is doubtful that they're talking to a real person. I also highly recommend that you create a verbal password for you and your family so that if anybody tries to manipulate you, that they've they they have your son or daughter, you can make sure that, you know, having a password and verifying that between the two, it it can help make sure that you're talking to the right person. Yeah. That's really interesting. Yeah. And I I will I will add the AI generated last one, malware and ransomware. So we're seeing code that mutates faster than signature based tools can detect. So they're it's rewriting code on the fly to to override signatures, which anyways are about two weeks old. Now a lot of environments, at least enterprises, not individuals, do have behavior based, detection capability. However, there are gaps there. So, you know, a lot of environments have, endpoints, IoT, that or BYOD that are not covered by behavior based monitoring. So, you know, we're seeing we're seeing this new wave that is going to be able to overwhelm and and find gaps in your environment. Okay. And so let's let's jump to with these new threats, how organizations can prepare for them. And so at Nasuni, we're, you know, generally familiar with ransomware attacks. We provide a a a comprehensive ransomware solution to detect and stop the attacks in in real time. And we try to prepare customers by making it easy for them to get back to business if their files are impacted. And and you mentioned even with the with the deep fakes, it's it's another form of social engineering. Generally, these attacks, originate from human error. And so we see speed of response and overall recovery time as key metrics because a lot of times it's gonna happen, and it's how you how you deal with it, how you recover. So how would teams detect and respond these to these new AI specific threats? Yeah. No. That's a great question. So it starts with visibility. You can't secure what you don't know. And if you're a security professional, you you know that in the NIST pillars, identify is, the first, pillar that you need to know. You need to have a clear visibility. You need to have a very reliable CMDB, so you can start layering protections on the right set of systems. The next one is train your models like you train your people with guardrails. You need to embed controls in the MLOps pipeline. We talked about that. And I and I then I mentioned this earlier about, monitoring for behavioral drift, not just infrastructure alerts. So you wanna make sure that when the model is starting to make decisions that are spiking outside of normal baseline patterns, that is definitely an alert that should be enabled and sent to your SOC that should be trained on understanding what that means and working with the model team to, to identify if there's model drift or manipulation of of the algorithm. And then using secure by default tooling. I mean, again, we talked about zero trust. There's no difference. Access is is critically important to lock down for both the Genentech AI and the models, in in order to reduce, what's attackable. And then red team testing, again, nothing new here, but are you doing are you performing adversarial adversarial testing, against your models to make sure that the output, they're producing is what you want, to make sure that prompt injection, which is one of the top, vulnerabilities that we're seeing today, is that risk is mitigated. So, that that's certainly very important. And then ultimately keeping humans in the loop, so you just can't, you know, let the machine run and, not not oversee it, not understand how it's creating decisions, and making sure you're documenting that for evidence when audit does come come in the next year or two. Yeah. And you hear so much now about agentic.ai. And to your to your point earlier, just thinking about some rogue AI agent that's that's impacted by some kind of threat going throughout your organization, that that's scary. Yeah. And a and a lot of employees, have now enabled these agents, within their desktop environments, and they basically have access to, you know, all your confidential information, including if you're accessing sensitive data stores. And then, you know, there's third party apps that are logged in, within some of those environments. You need to you need to be aware. You need to make your vendor accountable for your expectations in regards to, you know, controlling your, access to your environment. And don't don't assume the vendors are doing that necessarily. Yeah. So now let's let's move on to the fun stuff, regulation. Regulation also seems to be evolving and and moving pretty quickly, and then you have to put some guardrails around AI. So how are organizations supposed to keep up with this global AI compliance landscape? Yeah. No. It it it is changing a lot in The US. Federally, they were going to ban all AI regulation, which got struck down. So now it's left, to the states to create, their own. Over half of the states in in, again, in The US have there are laws right now, that have been enacted. California, you know, no no surprise there, has the most, comprehensive set of laws. We have Colorado also, which really focuses on, protecting residents from algorithmic discrimination and housing and and credit decisions. Texas also has a law that's, has been enacted, around scoring, social scoring, discrimination, deepfake creation, political manipulation. And then, of course, in the EU, they they have, the EU AI Act, but that really only applies to very to about 5% of AI systems that really have critical and societal impacts in in terms of their decision making capabilities. Ultimately, though, I think all security and risk professionals worth their salt have realized that if you implement the foundational, risk pillars for for any technology or any environment, no matter what audit or regulation comes your way, you're gonna be in a good spot. And, you know, the the NIST actually has a a pretty good AI RMF framework. It's quite detailed, so you do have to customize it, based on based on your environment. I know the Cloud Security Alliance just released, an AI controls matrix similar to the cloud controls matrix they they released quite a few years ago. So, you know, I would look to those as as a guide, you know, customize it for your environment and do the right thing now because, you know, certainly regulators if you're working in in big banks, critical operations, OT, you know, the the regulators and the auditors, they're they're watching. They're watching for the types of incidents and how how impactful it is. And they're gonna come in, you know, whether there's a state law or not and ask you on how you're developing your models and how it's impacting customers and as well as how you're protecting the customer's data. Okay. And what would be some good steps to to make sure your system is defensible or or auditable in this context? Yeah. So, you know, there's really, like, three three main areas. So data provenance. We talked about that at the beginning of the call, that data lineage. It's it's data life cycle, data provenance. So, you know, we just we talked about how much data is needed, created, generated, for AI to work. But at the same time, you need to know where the data is coming from. You need to you need to sanitize it. You need to be able to, talk, to answer customer especially in California. If they if they want their data removed, you need to be able to know where it is and to remove it or to update it, if requested. There needs to be bias mitigation steps and explainability tools. How did you how did this model, result in this decision? You need to be able to explain it quite clearly. So I've created an eight step, audit proof, defensive model for enterprises to follow. So it's eight, quote, unquote, easy steps to make sure that your environment is in a good place, with audit evidence to show that you're doing the right thing around, model, decision making, algorithms, and protecting customers' privacy and security. So the first one is really, the data province and lineage tracking. How do you do that? So you need to log, data sources. You need to document transformation. So when you're inputting data, it's making a decision, and then there's a result. You need to document, what input and how you train the model to to make that decision. You can't you need to speak to it very clearly, to someone who's asking. You and maintaining lineage graphs is very helpful. And you you your audit evidence is having that documentation that I just talked about. So the next one is model documentation and governance artifacts. So can you explain how this model was built, tuned, and validated? So what was it its intended use? Because they're gonna compare it to how it's being used, you know, at the at the end point. How how are you training the what kind of data are you training it with? How are you evaluating it? Number three, access control and role based permissions. So are you enforcing RBAC? Are you logging access to sensitive information? Again, stuff that you should be very familiar with when it comes to access to very sensitive environments, and need to have role access logs and change history, which, by the way, is very good, in the in the case of an incident, to be able to see what was being accessed when when your chief legal officer, comes around and and asks you, you know, if there again, if there's a a pile a Copilot breach, again, you can, easily be able to, indicate where the attacker was when you have good logs. So policy enforcement in ML ops and DevSecOps. So are your pipelines secure? Are they compliant? And we talked about this. Like, do you have bias testing? Do you have code reviews? You know, so you need to be able to have automated logs of a lot of the the policy checks. So, again, that is your audit evidence. Number five, so subject, it's a data subject rights workflow. So this is again, I just meant I talked about it a few minutes ago, but if a customer, says I want you to delete my data, I want to change my data. You you need to be able to respond and do that in a very timely manner. And, again, depending on what state you're in, you may have a limited amount of time in a window to do that. So you need to have, for audit evidence, you need to have SLAs in your environment so your teams, react, promptly. Number six is explainability and decision traceability. So, I mean, we talked a little bit about how did that model, make that prediction, but, you also can have, like, confidence scores and and documented reasons for when your model is making very high impact, very important decisions. And, again, documentation is everything. Put it in plain language. Third party this is so important, because as we all know, third party is so important. But, again, no no difference here. Right? You wanna make sure that your third parties are signing When they're signing their contract, they're agreeing, to the level of of security and risk mitigation that that you're expecting yourself. That that includes data processing agreements, flow down obligations for any state laws, as well as transparency for their models. If if your customers ask, you know, why was I denied, credit, you know, and you're using a a third party vendor, you need to be able to answer that very articulately. Lastly, this is gonna sound familiar again, but logging, monitoring, and incident response, you know, I've overseen a lot of really large incidents. And when you don't have logs, you're dead in the water. It's it and it complicates things. The more logging you have, the more you know if you're if you've contained a potential, attacker, and as well for documentation, it's showing that you have a robust, monitoring program, and you can lessons learned for incident response. So those those are my eight that I think, if you stick to them, you're you're in a good and you're in a good setup for the future. Well, you're leading me to my next question. Thank you very much. So as we're wrapping up, looking ahead, what would you say is the key thing to future proof your AI and data program? Yeah. So, I mean, I think we I think the secure architect the the secure architect AI model that I that I showed you with the eight steps. I think start there. Know what you have. Know what applications AI applications are are already in place, are being planned for the future, and and get ahead of it. And partner closely, with your with those teams that are building it. I also think that if you if you look at the AI trace, my audit, defensive posture, and you start implementing those guys from from the front, you're gonna you're gonna be a lot more relaxed and there'll be a lot more stress, when when the regulation, starts hitting. If we have a change of government in three years that that may make this a priority, you know, we're gonna start feeling the heat, and I always found find with regulations and audit goes in waves. So as I said, there are some states that have enacted laws, but, federally, there may be, more pressure. It may come from Europe as well, like GDPR, which if you have any European customers, you're gonna have to, comply with. So if you just start out with the found the good foundations, you're gonna be in a good spot. Okay. And at at Nasuni, we you touched on collaboration. We we are seeing more and more the the infrastructure folks working with the security team. And when it comes to, the AI landscape, I would assume collaboration cross functionally is is also extremely critical for for success of of implementing this. Yeah. Oh, yeah. So, like, AI doing this, you just can't do it alone. Yeah. This is not I mean, this crosses security, privacy, model development. You know, it's it's it's multiple disciplines, and you're just not gonna get it right if you if you're in a silo. And I think that probably goes, very well for a lot of things that security practitioners have to do. So this is definitely a team sport. Now I thought about this in terms of how do you how do you do AI risk right. And, yes, there's a lot of AI governance committees that have been stood up in a lot of organizations. But as you know, if there's no one throat to choke, if there's not one accountable owner, things things don't get done. So who is that person today? Most organizations do not have a chief AI risk officer. I personally think this is a great time for security leaders to step up into this void and take ownership. I also think they're in a good place to do it because risk management is one of our main is our deliverable. So we're in the we're in the business of risk management, which is what this is. And we also are very used to working with auditors and regulators. We are we are already working, with many disciplines to make sure security in general is integrated into the business environment. So, you know, I think taking the lead is a is a good opportunity for security leaders to upgrade their skills. But, ultimately, you know, it's it's the team that's gonna get it done and, making sure that we know where we're heading and we understand the risk is gonna be key. Alright. Well, that brings us to the end of today's webinar. And and thank you so much, Mariah, for all that. Thank you. Thanks so much for having me. And examples. I would say from my side, if there's one big takeaway, this is you can't treat AI just like another tech trend. As you as we heard it over the last forty five minutes or so, it it changes the attack service surface we're looking at, the compliance landscape, the way your teams collaborate, and you really just need to to build that foundation that you laid out to to reduce the risk and really set your organization up to succeed. And if to our audience, if you wanna learn more about how Nasuni helps secure unstructured data for AI driven environments, feel free to reach out to our team or visit nasuni.com. And thanks again for joining us today. We'll see you next time. Thanks, Mariah.