In this episode of CXOTalk, Anand Oswal, Senior Vice President and General Manager of Network Security at Palo Alto Networks, discusses the rapid adoption of AI in business and the critical importance of securing AI applications. As organizations increasingly use AI to enhance productivity and transform customer experiences, they face new challenges in mitigating risks associated with data exposure, supply chain vulnerabilities, and runtime threats.
Anand emphasizes the need for a comprehensive approach to securing AI-powered applications, from ensuring visibility and control over employee usage to protecting against configuration risks and runtime attacks. He highlights the importance of balancing productivity and security while enabling organizations to harness AI's full potential. Anand also shares insights on the evolving AI security landscape and how Palo Alto Networks collaborates with industry leaders to develop robust security frameworks for AI applications.
Episode HighlightsSecure AI Applications by DesignEnsure that AI applications are integrated into the enterprise environment with complete visibility and control over data protection and threat protection policies. This involves setting the right level of data protection policies to protect sensitive data and enabling threat protection for responses from AI applications.Implement AI security posture management to secure AI-powered applications from configuration risks, supply chain risks, and runtime threats such as prompt injection attacks, model DOS attacks, and data leakage.Manage Shadow AI RisksIdentify and monitor AI applications used by employees, whether approved by IT or not, to ensure that sensitive data is not exposed. This includes having visibility into all application attributes to make informed decisions about usage.Develop policies and recommendations to allow, deny, or limit the usage of AI applications based on their attributes and potential risks, ensuring that productivity is not compromised.Protect AI-Powered Applications from ThreatsImplement holistic security measures to secure AI-powered applications from classical and AI-specific threats. This includes protecting against supply chain and configuration risks, as well as runtime threats like prompt injection and model DOS attacks.Collaborate with other leaders and vendors to develop joint reference architectures for securing AI applications, such as the partnership between Palo Alto Networks and NVIDIA.Balance Security and ProductivityEnsure that employees can access AI applications without compromising security. This involves providing complete visibility into AI usage across the enterprise and implementing data protection and threat protection policies.Automate policy creations and recommendations to enable agile and fast deployment of AI applications, ensuring that security measures do not hinder productivity.Adopt a Platform-Centric Security ApproachSimplify and unify network security by adopting a platform-centric approach rather than relying on multiple point products. This helps reduce operational costs and complexity while improving security outcomes.Use AI copilots to help customers use platforms and products effectively, simplifying operations and enhancing security posture.Key TakeawaysSecuring Shadow AI: Balance Productivity and RiskThe rapid adoption of AI tools by employees, often without IT approval, creates a "shadow AI" phenomenon. Over 57% of employees use AI applications to boost productivity, potentially exposing sensitive company data. Organizations need visibility into AI usage to make informed decisions about allowing, denying, or limiting access. Implementing robust data protection policies and threat detection measures is crucial to balance productivity gains with security concerns.
Holistic Security for AI-Powered ApplicationsAs companies develop AI-powered applications, they must adopt a comprehensive security approach. This involves protecting against supply chain risks, configuration vulnerabilities, and runtime threats specific to AI, such as prompt injection and model denial-of-service attacks. Organizations should implement AI security posture management and runtime security measures to safeguard their entire AI ecosystem, including models, infrastructure, tools, datasets, and plugins.
Embracing a Platform-Centric Approach to Network SecurityThe complexity of managing multiple point solutions for network security is becoming unsustainable. CIOs and CISOs should adopt a platform-centric approach to simplify and unify their network security infrastructure. This strategy can lead to better security outcomes, lower operational costs, and increased agility in implementing new policies consistently across the entire infrastructure. A unified platform allows for easier management of traditional and AI-specific security concerns.
Episode ParticipantsAnand Oswal is the Senior Vice President and General Manager at cybersecurity leader Palo Alto Networks, where he leads the company’s firewall-as-a-platform efforts. He holds more than 60 U.S. patents and earned a bachelor’s degree in telecommunications from the College of Engineering, Pune, India and a master’s degree in computer networking from the University of Southern California, Los Angeles.
Michael Krigsman is a globally recognized analyst, strategic advisor, and industry commentator, known for his deep expertise in the fields of digital transformation, innovation, and leadership. He has presented at industry events around the world and written extensively on the reasons for IT failures. His work has been referenced in the media over 1,000 times and in more than 50 books and journal articles; his commentary on technology trends and business strategy reaches a global audience.
0 Commentaires