AI is top of mind for security teams across every industry. As more organizations adopt generative AI and cloud-native technologies, IT teams confront more challenges with securing their high-performing cloud applications in the face of expanding attack surfaces. According to McKinsey’s State of AI in 2023 report, 40% of respondents said their organizations plan to increase their overall AI investment because of advancements in generative AI. But only 21% said their organizations have established policies governing employees’ use of generative AI technologies. Moreover, in addition to managing cloud spend and resource utilization, organizations must also now consider the cost and carbon impact of developing and using generative AI models.
Additionally, blind spots in cloud architecture are making it increasingly difficult for organizations to balance application performance with a robust security posture. To ensure optimal performance and security of cloud applications, organizations need a comprehensive view of their entire AI stack and cloud environment with a strong application security approach.
At this year’s RSA conference, taking place in San Francisco from May 6-9, presenters will explore ideas such as redefining security in the age of AI. Attendees will seek answers to two crucial questions: ‘How secure are we?’ and ‘How compliant are we?’, viewing these concerns through the lens of AI-powered solutions.
Our RSA 2024 news guide explores the ways AI and security are converging with observability and how this affects application security, vulnerability management, and threat detection. If you’re attending the conference, stop by the Dynatrace booth in South Expo space 561, and our Platinum Lounge in North Expo space 5157.
AI and security need to go hand-in-hand
Generative AI is becoming increasingly popular in organizations across nearly every industry. With the ability to generate new content—such as images, text, audio, and other data—based on patterns and examples taken from existing data, organizations are rushing to capitalize on the AI model. However, security remains a concern despite benefits such as faster development and improved productivity.
As organizations train generative AI systems with critical data, they must be aware of the security and compliance risks. In fact, according to the recent Dynatrace survey, “The state of AI 2024,” 95% of technology leaders are concerned that using generative AI to create code could result in data leakage and improper or illegal use of intellectual property. Therefore, these organizations need an in-depth strategy for handling data that AI models ingest, so teams can build AI platforms with security in mind. Check out the resources below for more information.
Generative AI poised to have impact by automating software development, report says – blog
According to ESG research, generative AI will change software development activities from quality assurance to CI/CD pipeline configuration.

Tech Transforms podcast: It’s time to get familiar with generative AI – blog
Generative AI can unlock boundless innovation. In this blog, Carolyn Ford recaps her discussion with Tracy Bannon about AI in the workplace.

What is generative AI? – blog
Generative AI is an artificial intelligence model that can generate new content—text, images, audio, code—based on existing data.

The state of AI in 2024: Overcoming adoption challenges to unlock organizational success – blog
While AI offers many benefits, there are challenges and risks that organizations need to manage. Learn more about the state of AI in 2024.

Generative AI in IT operations – report
Read the study to discover how artificial intelligence (AI) can help IT Ops teams accelerate processes, enable digital transformation, and reduce costs.
Managing cloud application security risks to maximize cloud-native benefits
Organizations continue to embrace the cloud as the pace of digital transformation accelerates. Whether multicloud or hybrid, public or private, cloud-native architecture offers flexibility and agility to help organizations deliver software faster. But these benefits also become risks when it comes to cloud security.
Modern clouds are extensive and dynamic, which creates unprecedented complexity that can increase vulnerability to cyberattacks. And organizational silos, lack of end-to-end visibility, and lack of DevSecOps automation render many organizations ill-equipped to handle these risks. Recent research found that 76% of CISOs cite the limitations of security tools for real-time identification of risks in dynamic cloud-native architectures as a key challenge.
Cloud application security is crucial to every organization. As organizations introduce generative AI and continue to use open source code libraries, APIs, microservices, and more to innovate faster, the risk of attack compounds, with more entry points for bad actors to access critical data. One data breach or zero-day attack can have lasting implications, from revenue loss to reputation harm.
Organizations building out their cloud security strategy must prioritize an end-to-end view of their cloud, applications, microservices, and more to keep their data secure. Check out the following resources to learn more about managing cloud application security.
The state of application security in 2024 – report
Read the report to see how a unified observability and security strategy can help CISOs engage the wider C suite to improve the organization’s risk posture.

What is DevSecOps? And what you need to do it well – blog
DevSecOps connects three different disciplines: development, security, and operations. Learn how security improves DevOps.

Best practices for building a strong DevSecOps maturity model – blog
How can businesses effectively implement best practices to align with the evolving DevSecOps maturity model? Here’s what you need to know.

What is cloud application security? – blog
Cloud application security is a combo of policies and processes that aim to reduce the risk of exposing cloud-based applications to threats.

Modern cloud application security done right – on-demand webinar
Watch our webinar about modern cloud application security done right.

Hybrid cloud infrastructure explained: Weighing the pros, cons, and complexities – blog
While hybrid cloud infrastructure increases flexibility, it also introduces complexity. Learn its benefits—and challenges—and how to tame it.

Dynatrace Runtime Vulnerability Analysis now covers the entire application stack – blog
Dynatrace adds Go vulnerability analysis on top of Java, .NET, Node.js, and PHP vulnerability analysis. Automatic runtime vulnerability detection and AI-powered risk assessment further enable DevSecOps automation.
Converging security and observability
Maintaining software security is becoming increasingly difficult as the rising complexity of cloud-native environments and generative AI create more risk for undetected vulnerabilities to infiltrate applications. Despite this risk, organizations face mounting pressure to innovate faster and on a larger scale. However, the 2024 CISO report indicates traditional log-based security information and event management (SIEM) and extended detection and response (XDR) solutions have limited value in the cloud-native, AI-driven threat landscape. Indeed, more than 75% of CISOs cite blind spots and limitations of SIEM and XDR for automating responses and addressing risks in real time.
As a solution, organizations are converging observability and security data, giving DevSecOps teams end-to-end visibility into application security issues for real-time answers at scale.
Observability is critical for monitoring application performance, infrastructure, and user behavior within hybrid, microservices-based environments. Likewise, with observability of systems that run AI models, organizations can predict and control costs, performance, and data reliability.
To ensure application security in these AI-enabled, hybrid cloud environments, organizations must integrate security into an observability framework. Monitoring potential security threats, such as unauthorized access, malware infections, or data exfiltration, is critical, especially as workloads are distributed across multiple environments.
Together, observability and security data make teams more effective in identifying and responding to critical security incidents as quickly as possible, resulting in a better security posture. Check out the following resources to learn more.
Dynatrace accelerates business transformation with new AI observability solution – blog
AI adoption is imperative to remain competitive, but its benefits aren’t straightforward. AI observability accelerates AI benefits.

AI for Observability: An Explainer – video
In this video, Dynatrace explains why AI is critical to observability.

Dynatrace for AI Observability: OpenAI, TensorFlow and more – observability clinic
In this Observability Clinic, learn how to use Dynatrace to monitor the usage of AI APIs (such as OpenAI, TensorFlow, or others), identify costs, and diagnose and optimize performance and costs.

Security by design enhanced by unified observability and security – blog
Business spend management company Soldo uses unified observability and security to implement efficient security-by-design and DevSecOps practices.
The importance of secure and compliant workloads
Given the complexity of today’s multicloud and hybrid cloud environments, leveraging observability and security data becomes paramount for understanding an organization’s security posture. This understanding is essential for effectively assessing business risk and compliance requirements, particularly given the ever-changing regulations and dynamic nature of cloud infrastructures. Regulatory compliance is growing in importance as cybercriminals leverage AI to create new exploits faster, while development teams must use these same capabilities to accelerate software delivery with less manual oversight.
As compliance is often a moving target, organizations are increasingly turning to automation across their DevOps, security, and compliance teams. This automation minimizes risk and maintains regulatory compliance effectively. In fact, 83% of respondents to the 2024 CISO report say DevSecOps automation will be essential to their ability to stay on top of emerging regulations.
Automation empowers organizations to proactively manage risks such as misconfigurations and compliance violations, automating remediation and managing the exposure risk of vulnerabilities introduced by AI. RSA attendees need the right tools to determine their level of security and compliance.
To effectively prevent exploits and compliance violations, it is crucial to understand the organization’s attack surface: the sum of all potential entry points for unauthorized access, spanning hardware, software, and human factors. While absolute security is unattainable, acknowledging the expansiveness of the attack surface is the initial step toward fortification. Dive into the following resources to learn more.
Attack surface checklist for VMware environments – checklist
Our attack surface reduction checklist will guide your organization in identifying and mitigating vulnerabilities in your digital assets.

Achieving audit-readiness for security standards compliance in modern IT environments – guide
This resource outlines some of the more common security standards, their associated pain points, and ways for CISOs, CIOs, and their Security and Operations teams to comply with these standards to maintain secure private, hybrid, and public cloud environments.