Achieving Data Security and Analytics with AI - Member Recap from (ISC)² Security Congress 2022

Nov 28, 2022

A member recap of “Achieving Data Security and Analytics with AI” presented by Glendon Schmitz at (ISC)² Security Congress 2022. By Angus Chen, CISSP, CCSP, PMP, MBA

Although “data is the new oil”, there are many problems with working on production data directly. Organizations encounter regulations to protect privacy such as the General Data Protection Regulation (GDPR). The fine for violating GDPR is 17 million British Pounds or 4% of annual global turnover.

Amazon was charged with U.S. $887 million, WhatsApp U.S. $267 million and Marriott 18 million British Pounds for data breaches. The list goes on and on. Furthermore, organizations sharing data with third parties infringe on users’ privacy without consent, as in the Facebook and Cambridge Analytica cases.

Production data has become an intellectual property product that requires data protection. The fear of data leakage keeps organizations on the shore. The new oil is supposed to enhance customer analytical capabilities, but it has now become an obstacle. The solution is to use Artificial Intelligence (AI), but in an ethical way.

Artificial Intelligence

There are three types of AI based on capability: Artificial Narrow Intelligence (ANI), Artificial General Intelligence (AGI) and Artificial Super Intelligence (ASI). ANI is Machine Learning that is dedicated to a single task and specializes in one area to solve a single problem. AGI moves beyond Machine Learning and into the realm of Machine Knowledge that performs like a human and is as smart as a human across all aspects. ASI is Machine Consciousness that is more intelligent than the best human brains.

AI adoption can greatly improve human life. However, without well-defined guidelines it can also cause harm much greater than kids playing games using others’ accounts. That is how ethical AI came about. Ethical AI is still being debated in different geographical regions. Collectively, organizations should implement an Ethical AI similar to the Three Laws of Robotics in the 1942 “Runaround”:

  1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
  2. A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
  3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws.

Ethical AI systems should be able to “tell” humans how and why they reached their conclusions and allow the human to be the one to make the final ethical decisions. In 2017, in the UK, the House of Lords’ Select Committee on Artificial Intelligence produced a report that outlined five basic principles as a guide for AI Ethics.

  1. AI should be developed for the common good and benefit of humanity.
  2. AI should operate on principles of intelligibility and fairness.
  3. AI should not be used to diminish the data rights or privacy of individuals, families or communities.
  4. All citizens have the right to be educated to enable them to flourish mentally, emotionally and economically alongside AI.
  5. The autonomous power to hurt, destroy or deceive human beings should never be vested in AI.

Currently, establishing data governance and data sharing agreements are two feasible solutions. Organizations share a vast amount of unorganized and useless data in data warehouses, like dirty laundry.

Synthetic Data

In Glenn’s professional experience dealing with 152 applications across the enterprise, using synthetic data means he no longer deals with the issues mentioned above. Synthetic data mirrors actual data. His organization is in the process of implementing AI to speed up synthetic data injection. Glenn admitted AI implementation is costly and there are a few things to consider:

  • Learning how to negotiate with the business.
  • Understanding how to align with the business goal.
  • Timeline and Objective.
  • Return On Investment (ROI).

AI analytics are already being used in many medical areas:

  • Identifying treatments.
  • Predicting outcomes.
  • Predicting demands of resources.
  • Identifying and preventing fraud.

Historically, IT security organizations have operated on a shoestring budget. Once AI-generated synthetic data becomes operational, the risk of production data in dev or test environments is gone. The IT security organization can partner with internal stakeholders to monetize synthetic data, moving from being a cost center towards becoming a profit center.

(ISC)² Security Congress attendees can earn CPE credits by watching Achieving Data Security and Analytics with AI and all other sessions from the event on-demand.

Interested in discovering more about AI? (ISC)² Members can take the Professional Development Course Introduction to Artificial Intelligence (AI) for FREE, U.S. $80 for non-members.