
What is the future of AI Security and Data Protection? At AWS re:Inforce in Philadelphia this year, Ashish spoke to Dan Benjamin, Head of Data, Identity and AI Security at Prisma Cloud, about the new category of AI-SPM (Artificial Intelligence Security Posture Management) and why it fits within all the other tooling organisations have. They spoke about the importance of building an AI and data inventory, understanding AI access, and the critical role of DSPM (Data Security Posture Management) in creating effective AI security controls.

Questions asked:
00:00 Introduction
02:09 A bit about Dan
02:29 What is AISPM?
03:16 How should CISOs tackle AI Security?
06:16 Right Controls around AI Services
07:32 AISPM vs CSPM
09:52 The role of DSPM
10:25 Tackling data security in world of AI
13:28 Maturity Curve for CISOs to consider
16:36 Security Teams for AI Security
19:51 The Fun Section

Dan Benjamin: [00:00:00] So AI security is basically a data security problem. As we mentioned, you have to have DSPM technology to essentially capitalize or build the right type of AI security controls. Because eventually the first question that everyone's going to ask you is what type of AI models do we have? Which ones of them are trained on sensitive information?

So DSPM is the foundation technology that serves AISPM. Cloud is complex, especially because of fragmentation. And what I found is that the more mature companies that have already deployed operationalized DSPM. They build processes that automatically, every time we found an issue, open a ticket to the right teams across the organization.

Eventually, we just have so many issues that we need to tackle, and we want to prioritize the ones that matter the most.

Ashish Rajan: AI, or Artificial Intelligence, is top of mind for everyone in 2024. It started off in 2023, but 2024, we're still talking about it. And, to talk about security, we have a new category called AISPM.

I know CSPM, DSPM, there's been a lot of those, but now a lot of people are talking about AISPM, or Artificial Intelligence Security Posture Management. And for this call to session, we had Dan [00:01:00] Benjamin. He's the head of AI Identity and Data at Prisma Cloud. And we spoke about what is AISPM? Why do people even need this?

Is this the same as CSPM? But he also spoke about his vast experience in data security and how he believes CISOs and other leaders can use this opportunity to do an AI inventory, a data inventory, to have the right foundation to start building for a better future for securing AI. And also what would this look like from a security team perspective?

What could be things you could look at in your team that you could scale out in enterprise, especially if you're an enterprise and thinking about how do you wrap your head around the whole AI security space? This is definitely a conversation I would recommend having. If you know someone else who's looking into the AI security space and wants to understand the whole AISPM.

Definitely share this episode with them as well. If you're here for a second or third time and you've been enjoying what you've been listening, thank you so much for all the reviews and following us and subscribing to us on all the audio platforms like iTunes, Spotify, as well as the video platforms like YouTube and LinkedIn.

I really appreciate this. And if you haven't yet, please definitely consider subscribing because it definitely means a lot. And I hope you enjoy this episode as well. I'll see you next [00:02:00] one. Welcome to Cloud Security Podcast. Today, we are at AWS re:Inforce with Dan. Welcome to the show, Dan. Thanks for coming in so much for having me.

No problem. And I'm excited for this conversation because before we start about the whole AI SPM space, can you tell us a bit about yourself? What's your professional journey so far?

Dan Benjamin: I'm Dan. I'm the previous co founder and CEO of Dig Security. I now lead the data identity and AI security for Prisma Cloud.

Very technical person started my career about 20 years ago. Multiple startups, multiple corporates worked at Google all around security.

Ashish Rajan: And that's probably a good conversation to talk about this AISPM. I like, I think so many acronyms of SPM. So what is AISPM to help people understand what that is?

Dan Benjamin: AISPM stands for AI Security Posture Management. And it's a set of technologies that help organizations operationalize AI technologies. First off, what kind of AI technologies do we even own across our organizations? Across AWS and Azure? Do we use an external service set? It trains our AI models. How do we govern AI?

Which kind of data goes into our AI [00:03:00] models? Are we compliant? Are we secure? It's a whole new set of technologies that none of us have used before, are being pushed very quickly by our organization to operationalize very quickly to essentially stay competitive. How do we help organizations tackle this huge problem that is now coming to us?

Ashish Rajan: Talking about huge problem? A lot of leaders and CISOs are thinking about how do they look at AI security as well. And I think previously when we were talking about this space as well, maybe a good starting point is what should CISOs and cybersecurity leaders consider as they plan for thinking about how do they look at the risk or challenges with AI security as it stands.

Dan Benjamin: Let's not forget that this whole movement that is now happening of shifting to the cloud, training models in the cloud, using LLMs it's an uncharted territory. Yeah. How do we, first off, build traditional security controls, access to AI models, which kind of data goes in, how do we govern it, are we compliant, are we violating any type of privacy issues that we essentially have as an organization?

And that's [00:04:00] first steps. So first off, of course, we need to build an AI inventory. All of these are new sets of technologies. I think what we learned, at least in our team, is that every day we have new APIs that are coming out for AI services. So it's very quick and you have to be very agile in this moment.

But then, I believe that AI security is a data security problem at first. Because, what is our biggest fear? Our biggest fear is that we're going to build an AI service that is going to be interfacing with our customers. And suddenly it's going to spit out data that we shouldn't be spitting out. Either data that we are not allowed to essentially train our models on or data that the model essentially gave to the wrong end user.

And we see a lot of examples like this keep popping up in the news. How do we build the governance controls around the services that we essentially need to like deploy across any cloud, across any service?

Ashish Rajan: I guess maybe to break it down into a few more fewer pieces as well. I love the inventory piece because that's where, like, shadow IT used to be a thing, now shadow AI is a thing as well now, like you don't really know you may have [00:05:00] had a policy to say don't use AI but people may still be using it. When we talk about AI, are we talking about ML? Gen AI? Cause that's also confusing for people, like which one are we talking about?

So when you're referring to AI inventory and everything else that needs to go with it, which AI are we referring to? Cause there's a lot of AI these days. So

Dan Benjamin: I would say we're definitely talking about both. But I think the large movement into the cloud, even organizations that were traditionally on prem that started moving into the cloud was because they wanted to essentially train LLM or use LLM services in the cloud.

So that's the big shift into the cloud and the big movement there. But eventually our goal is to essentially protect any type of AI service, whether it is ML, whether it is gen AI or any new thing that will essentially come out. We are now seeing a lot of agents. We're now looking at third party services that are acting as we used to have Snowflake as a data warehouse outside of your cloud. Now we have also OpenAI that trains data outside of your cloud, but as a hosted solution. So we're seeing the myriad of solutions and we [00:06:00] need to essentially help organizations protect whatever they use, right?

We don't want to be restrictive as a security team. We want to enable the business to use the right services for them. So whether it is in the cloud, whether it is as hosted solutions, whether it is self trained or using managed services. Yeah, anything that we need to do.

Ashish Rajan: Would you say, are there like different components, like I don't know, perimeter wise, hey, like where the access or network, whatever.

Is there a simpler way to break this down for people to easily consume for what they can focus on and maybe use that as a matrix to put in their security programs as well.

Dan Benjamin: So I think Palo Alto broke it down correctly into three main pieces.

First off, of course, AI access. How do we help organizations govern access to AI services? Whether it is OpenAI, Hugging Face, any type of AI service that they want to use to make their life easier. That's the CASB problem, right? How do we govern or secure a gateway problem? How do we essentially govern and control access to AI services, any type of websites? How do we make sure that we have the right DLP controls or a block or [00:07:00] provision access? The second of course is how do we help organizations use securely AI in their cloud and that's AI security posture management and lastly of course, how do we make sure that once we already deploy the AI services and we essentially already know the data and the compliance and misconfigurations of any type of AI service that we essentially use. How do we make sure that no one does detection engineering, prompt injections into our models, and that's the AI firewall component.

That's a runtime component. Yeah. The combination of the three is what we believe is the right controls around AI services.

Ashish Rajan: Yeah. Oh. And would you say to double click on AISPM, we spoke about the definition, how it's around the capability of posture management, because even that is quite a deep field as well.

I think to even start in that, to your point, you start with AI inventory, then the biggest challenge a lot of people talk about even still is the data security piece as well in there. And that I feel is probably not spoken about enough, which confuses people because then they hear AISPM, they think CSPM as well.

[00:08:00] And sometimes CSPM provider might say. I say that, Oh, I have a AISPM as well. And okay, you have both. That's really interesting. So how would you differentiate between say AISPM and a CSPM? So people are able to hear that and go, Oh, differentiate the two separate things.

Dan Benjamin: So CSPM stands for cloud security posture management.

How do we essentially make sure that the configuration of different type of cloud services is correct. It doesn't take in access. It doesn't take in the like application security components. It doesn't take in data security doesn't take in flows or runtime components. Yeah, that's why I think the industry shifted into CNAPP cloud native application protection platforms.

AI security posture management that fits into the whole platform story, CNAPP story to help organizations tackle this new type of workloads, fastest growing workload now in the cloud. Yeah. The one that is shifting many organizations that were traditionally on prem to move into the cloud.

And the interesting thing, in my opinion, about AISPM is that it builds upon all new components [00:09:00] that we already had. CIEM, Cloud Infrastructure Entitlements Management, is how do we govern access? How do we make sure which applications has access to which AI models? How do we understand who can shift the weights of each type of AI models?

How do we make sure that no one can skew the actual decision making of AI models? If we talk about data security, how do we make sure that no model is now being trained on financial information of the organization, or PII information if we're not allowed to? CSPM is how do we make sure that the configuration of these different types of AI services are correct.

AppSec. How do we make sure that we're not using packages that have malware or that have found vulnerabilities inside of them? So I think that AISPM actually builds on top of all these different other types of capabilities, packages them up together into this new type of workload, which I think is fascinating in my opinion.

Ashish Rajan: DSPM is another one people throw into this mix as well. How different would that be?

Dan Benjamin: So AI security is basically a data security problem as we mentioned. You have to have DSPM technology to essentially capitalize or build the right type of AI [00:10:00] security controls. Because eventually the first question that everyone's going to ask you is what type of AI models do we have?

Which ones of them are trained on sensitive information? Which ones of them are trained or might have issues when we essentially just deploy it into production and have issues around our data?

Yeah.

Which ones of them can lead to like data leakage?

Yeah.

Dan Benjamin: So DSPM is the foundation technology that serves AISPM when we deploy this into production.

Ashish Rajan: People may already have purchased a version of CSPM or CNAPP. And I think what I'm trying to highlight with this conversation that I'm having with you also is that the AISPM problem is different. It's not the same as the CSPM CNAPP problem as well. Even though to your point, it does encompass it.

So they may already have one part covered. There is one more component, which is not a tool problem. It's the whole, where my data is, do I have a data policy? Do I even know what kind of data is where data sprawl problem, all of this. Can we double click on that whole data security piece just a bit?

Cause, and that [00:11:00] used to be quite a bit of your time anyway. So I'm curious how do you tell the CISOs who are starting today on the whole data security piece? Cause as you go into the more AISPM and AI security space, The biggest thing is data because that's what it uses to train so as much as we can manage third party risk, but at the end of the day, we need to know where our data is to be able to protect it.

So how do you see people tackle this?

Dan Benjamin: DSPM essentially is built on the foundation that we're able to answer three main types of questions. Okay. First off, what data do I own? Across cloud, on prem, SaaS, IaaS, PaaS, databases as a service like Snowflake and Atlas and Databricks. So how do we bring this into a single place that we all know?

What data do we even own across the organization? Second, of course, is how is that data being used? Which applications, users, vendors, machines are touching which pieces of data? And lastly, of course, how is that data being protected? At rest, in motion, or in use? Yeah. Or how is that data being protected from specific scenarios?

We, as humans, are programmed to think about scenarios. Data exfiltration, ransomware, compliance breaches, data misuse. And DSPM [00:12:00] technologies are aimed to tackle this type of problem. Build the full inventory all your types of data stores, whether it is structured, unstructured, semi structured data across your clouds.

Understand the data risk assessment model. Understand that we have privacy issues, that we have compliance issues. Monitor DLP like capabilities like in the cloud, so we call that DDR, data detection and response. Cloud is complex, especially because of fragmentation. On prem, we used to have five, six, seven, eight types of different types of datastore technologies.

Yeah. In the clouds, a typical enterprise will have 20 different types of datastore technologies across hundreds, if not thousands, if not tens of thousands of datastore instances across the cloud, all from different types of services, all getting patched and updated by the cloud, not by you. And I think that's a good thing because they get keep innovating and they bring new types of capabilities, but they also create new types of vulnerabilities.

That's why security vendors have a business, right? Deploying data security in the cloud is priority number one with CSPM, of course, which kind of tackles the cloud configuration component, but they [00:13:00] think that the world is moving into a platform play. How do we essentially build and prioritize across different types of capabilities?

We want to prioritize across identity and data. And workloads and serverless and wanna focus on the things that like focus or the things that, that matter the most. Eventually we will never be able to tackle all types of problems in the cloud. So we need to help prioritize inside the organization because eventually we're still limited by the number of people that can handle these types of solutions.

Ashish Rajan: For CISOs and leaders listening to this conversation who are starting this journey today, is there like a maturity model as well?

Because I think it would be a overwhelming place to start even think about I can't even imagine an enterprise like a bank, which is in for hundreds of years or 50, 60 plus years, same for a financial organization, telecom. There's so many industries as well. What's a tactical and a strategic thing they can go for in terms of maturity?

What are things they can do today? Okay. And what are some things they can plan for in their security programs so that they have some, okay. As to what Dan is saying, if I do these [00:14:00] things, I'm on the right path. Yeah. So is there anything that comes to mind for that?

Dan Benjamin: So first off, if we're talking about data and AI, I would say that first off, you have to start with an inventory.

You have to have kind of a full list of what kind of data services you use, what kind of AI services you use, and the combination of AI and data. Then of course, in the world of data, you want to focus on ticking bombs. So whether it is. It's like developer secrets just thrown inside the organization or if, for example, you're not PCI compliant and we found tons of credit cards across the environment, or if you're not PHI compliant and we found tons of PHI in your environment.

So clean up a lot of data that we essentially accumulated because as humans, we're hoarders. We hoard data and with DSPM technologies, we need to clean data. We want to put data retention. We want to put data cleanup processes. Now, once we passed the initial inventory, initial data risk analysis, initial cleanup of data and AI services, the goal is to bring this down to the business units themselves.

And what I found is that the more mature [00:15:00] companies that have already deployed the operationalized DSPM, they build processes that automatically, every time we found an issue, open a ticket to the right teams across the organization. Take an organization that have 50, 60 development teams, you can't as a single centralized security team tackle all the issues of all these 50 teams.

What I found the more mature teams do as they essentially every time there's an issue, they automatically open a ticket to the right development team. They put all the evidence inside. What do you need to do? How do you need to fix it? How do we put guardrails so it won't happen again? And that's maturity in my opinion, that the centralized security team only builds processes that go down directly to the development teams.

And I see more and more organizations now getting that maturity, bringing that maturity into their organization and now operationalize. And every time there's a new set of technologies that they essentially need to also protect now, they incorporate the same model, but just to the different types of problems.

Ashish Rajan: And that's how you can scale it as [00:16:00] well. Exactly. Absolutely. Yeah. Exactly. Because scaling is probably the biggest challenge people talk about. Oh, like majority of the advice you get online is all about one space and like one machine.

Dan Benjamin: One specific issue, one machine, one workload. Yeah. And most of these organizations, I would say, take a large fintech that we work with.

They have 60,000 data stores. They have, I think, 55 development teams all around the globe. You can't tackle that in a centralized 20 people security team. No. So building that process. Thinking about this from day one, I think that's critical. And I've seen most of the large organizations that already operationalized the actual technology did this. And we also pushed them.

Ashish Rajan: What does a security team look like in this context? Cause I think when ML became popular, there was a whole conversation about, Hey, this is not a security thing. It's a data thing. You guys can't be doing this, but then it became a security lake thing that, Hey, let's have rebuild a security lake.

And now we're in this territory of, Oh. We should have looked at data before doing any of the other shit. How do you see the security teams evolve? Because I imagine a lot of CISOs are also thinking that [00:17:00] my team also at the moment I have cloud engineers, cloud security engineers, I've got architects, app tech people, am I missing something here which I need to do for AI security kind of a thing?

Dan Benjamin: So I really like organizations that have a large cloud security team that are all generalists. But have an SME or two for each one of the different topics, and that's their own project. So they can cover for each one of their peers. Let's say one goes on vacation. They can still cover, but then they also are SMEs of a specific topic, whether it is data security, whether it is AI services, whether it is vulnerability, whether it is patching, each one will essentially be the project manager for that specific process.

But they have to go through that model of opening these automated tickets to the right development teams and just spearheading an automated procedure. Because if they try to tackle this manually, issue by issue, problem by problem, in a very large organization, it just doesn't scale. It was one of the largest financial services in the globe.

They have a very large team that kind of takes in inputs from all the different types of security tools and spits [00:18:00] out issues to each one of the different team members based on their own priority engine. I think now the world is changing. CNAPP solutions are now offering this prioritization across the globe, across all these different types of security products.

And I think that's where the world is heading. Palo Alto is putting a lot of efforts in that space. I know that other vendors are also looking at that specific thing because eventually, we just have so many issues that we need to tackle.

Ashish Rajan: Yeah,

Dan Benjamin: and we want to prioritize the ones that matter the most.

Ashish Rajan: It's very easy to get lost in a lot of alerts coming in. But at scale, even at a small level as a startup, it probably is quite hard. But even on a scale of that would be really easy. This has been really interesting. Is there anything that you feel people should look out for in that? AISPM, CSPM, DSPM, it's clearly evolving quite a bit.

Do you feel that if people use AISPM at least it's a good start towards whatever this transforms into? Cause I think the industry speak on the whole AI space that we don't really know. It is still starting. It hasn't even gotten to a peak yet. So do you feel like at least having these [00:19:00] strategies and having a AISPM and they're at least in their arsenal for lack of a better word?

They are able to at least walk in that direction that, okay, I have something that I feel would make me comfortable instead of just going completely blind.

Dan Benjamin: I think that's the foundation. I think organizations, because of the speed of innovation in this specific category must have a security partner in this specific category and necessary foundation, right?

Everything is evolving. Everything is changing, but at least having a partner that thinks about this problem on a daily basis and has 10, 15, 20, 50 people working on this specific problem with other customers. At least you're able to learn how other organizations, through your journey, are also working in tackling this type of problem.

Building an inventory, building compliance, building posture controls, building data controls around data.

Ashish Rajan: Yeah.

Dan Benjamin: And at least alleviating some of the risks of deploying AI services and putting the front facing in front of customers as well.

Ashish Rajan: Yeah. That's awesome. This is most of the technical questions I had, I've got three fun questions for you as well.

Yeah, let's do it. So first one being, what do you spend most [00:20:00] time on when you're not trying to solve AISPM or AI or data security problems?

Dan Benjamin: I like going to the beach. I live in Tel Aviv. It's a great city. It has an amazing beach. I like going to the beach. That's the easiest way to shift from working cyber security tech.

And then heading to the beach, diving in, you immediately forget anything that you're working on. I love it.

Ashish Rajan: What is something that you're proud of that is not on your social media?

Dan Benjamin: I'll have to talk about a specific success story that we had back then at Dig. At startup, you always have kind of moments that you always remember, and I think that you'll remember that for life.

I think back then we were onboarding one of our largest customers back then. And I think they had 10,000 AWS accounts, 5,000 GCP, a big environment. And they said they have to spend their budget by Monday, it was Friday. So they said, we have to onboard today was Friday night, Israel time. They said, we either onboard now or we're going to pick a different vendor.

So our team gathered around, everyone was around their computers [00:21:00] Friday night. I think the onboarding finished at around 5 AM. Oh my God. On Saturday morning, it went really smoothly. We signed with that customer. It was just an amazing kind of coming together story for a team. And I think all of my team members always remember that specific story and how it came through and how it became a massive success.

So that's one of my proudest moments as a startup entrepreneur is at least for this specific journey, as I sold like two companies. So this was a very fun story for us.

Ashish Rajan: That's awesome. And the last one, what is your favorite cuisine or restaurant you can share with us?

Dan Benjamin: So the funny thing is I'm a mutt. Okay. A quarter Indian. Quarter Polish, quarter Iraqi, and quarter Mexican. What? Yeah. Wow.

Ashish Rajan: I, okay, I get true definition of mutt, okay, I love Indian food. Yeah. I love it. Oh, out of all the other ones. I love

Dan Benjamin: Indian food. Oh, is there a lot of Indian food in Tel Aviv?

No. Really? Every time I go to London, my wife is British. Okay. I always eat Indian food. I love it.

Ashish Rajan: I'm gonna exchange some actually, is there a favorite London Indian restaurant you know that

Dan Benjamin: you like? I love Dishoom. [00:22:00] Dishoom is really good. I think there's other good ones, but Dishoom is always a fan favorite.

Ashish Rajan: Where can people find you on to connect with you to predict on this particular topic and also anything else you want to shout out from a product perspective is that they can people find more information about that as well.

Dan Benjamin: Of course. So first off I'm speaking tomorrow at the AWS re:Inforce conference.

And I'm talking about DSPM and ASPM and how to think about data security and AI security in 2024. Second, of course. Any person can reach out to me on LinkedIn. Talk to me. I'm happy to literally connect and talk about these types of technologies.

Ashish Rajan: Thanks so much for coming on the show, man. I really appreciate it. Thank you so much. I appreciate it. No problem. Thanks everyone for watching. Thank you for listening or watching this episode of Cloud Security Podcast.

We have been running for the past five years, so I'm sure we haven't covered everything cloud security yet. And if there's a particular cloud security topic that we can cover for you in an interview format on Cloud Security Podcast, or make a training video on tutorials on Cloud Security Bootcamp, definitely reach out to us on info@cloudsecuritypodcast.tv. By the way, if you're interested in AI and cybersecurity, as many cybersecurity leaders are, you [00:23:00] might be interested in our sister podcast called AI cybersecurity podcast, which I run with former CSO of Robinhood, Caleb Sima, where we talk about everything AI and cybersecurity. How can organizations deal with cybersecurity on AI systems, AI platforms, whatever AI has to bring next as an evolution of ChatGPT and everything else continues.

If you have any other suggestions, definitely drop them on info@cloudsecuritypodcast.tv. I'll drop them in the description and the show notes as well so you can reach out to us easily. Otherwise, I will see you in the next episode. Peace.
