One of the biggest security challenges facing Asia and the Pacific is that only one in every four businesses in the region have secured their generative artificial intelligence (gen AI) projects, says a security specialist.
Kimberly Dickson, Senior Worldwide Security Specialist of Amazon Web Services (AWS), said recently that most companies across Asia-Pacific and Japan (APJ) still have not focused on securing their generative AI projects.
“Only 24% report that they have secured their existing generative AI projects. This means that customers require access to tools that give them the confidence to run and secure generative AI workloads,” she said, citing her discussion with CEOs, CTOs and CIOs across APJ.
A recent AWS and IBM study found that only 24% of businesses in the region have secured, or are working on securing, their existing generative AI projects.
“Customers are excited about exploring generative AI and they want to know how to use it securely. They also want to know how to harness it to protect against other risks. However, the majority of companies are not yet focused on securing their generative AI projects,” Dickson said at the recent AWS pan-ASEAN virtual media briefing.
The expert added that a major challenge involves customers’ lack of understanding of how to secure generative AI apps or how to use the services. “I truly believe this is one of the biggest security challenges across our region today.”
Bridging skills gap
To help bridge that skills gap, AWS has trained over 50,000 individuals in cloud skills since 2017, with the target of reaching 100,000 by 2026, she said. In Thailand, it has partnered with Thai institutions of higher education including Chulalongkorn University to equip students with industry-recognized cloud certifications.
“We give an AI-ready initiative which offers free training courses on AI and generative AI for individuals with varying technical backgrounds in Thailand.”
Being aware of the cultural diversity in Southeast Asia, AWS provides more than 600 free courses on cloud skills in local languages, with 64 offered in Thai, according to Dickson.
She pointed out that to help Thailand tackle the big security challenge, AWS is investing 190 billion baht (US$5 billion) over the next 15 years in the country, with the launch of the AWS Asia Pacific (Bangkok) Region to cater to the growth of the cloud business.
The investment – first announced in October 2022 – includes capital expenditures on the construction of data centers, operational expenses related to ongoing utilities and facility costs, and purchases of goods and services from regional businesses, according to Amazon.
AWS, a subsidiary of the American multinational tech giant Amazon, provides on-demand cloud computing services from its data centers worldwide.
‘Most secure cloud for AI’
Dickson said at the media briefing that with additional new features of its services, AWS has become “the most secure cloud for generative AI”. Among the recent additions, launched at the AWS re:Inforce 2024 event in June, are Amazon GuardDuty, AWS Identity and Access Management (IAM), AWS CloudTrail Lake, and AWS Audit Manager.
“We have the most secure cloud infrastructure globally, and we take an end-to-end approach to security that is implemented in everything that we do. We also have more than two decades of extensive experience innovating with AI and ML [machine learning],” she said. “At AWS, we are consistently raising the bar to ensure that customers benefit from added security.”
According to the AWS security specialist, customers now upload numerous terabytes and even petabytes of data into Amazon S3, its object storage service. She added that with the growing volume of data, it is highly important for global customers to be able to detect the potential presence of malware at the source without degrading the scale, latency and resiliency of Amazon S3.
Amazon GuardDuty, which is AWS’ machine learning threat detection service, has a new enhancement that helps customers detect threats within their environment, according to Dickson. “With malware protection for S3, this feature allows customers to automatically detect the potential presence of malware by scanning newly uploaded objects to Amazon S3 without having to build complex data scanning pipelines as well as leverage the built-in, industry-leading third-party malware scanning engines,” she said.
In the realm of identity and access management, AWS IAM now supports pass keys for second-factor authentication or multi-factor authentication, according to her. CloudTrail Lake supports natural language query generation and includes activity logs for users, for services as well as for machines. Audit Manager helps customers with compliance reporting and provides a best practice framework for customers to gain visibility on whether the generative AI workloads comply with controls around governance, data security, privacy, incident management, and business continuity planning.
Commitment to security
Dickson said customers are increasingly choosing AWS to build their AI applications because of its commitment to security. Also, customers are improving their security outcomes and building innovative generative AI applications on AWS.
“AWS is responsible for protecting the infrastructure that runs all of the services that we offer to customers in the AWS,” she said.
Dickson added that AWS provides a wide variety of best practice documents, encryption tools, and other guidance that its customers can leverage to deliver application-level security measures. Also, its partners offer hundreds of tools and features to help customers meet their security objectives.
“To apply these security configurations, customers should think about a defense in depth strategy, which is a set of layered security controls for all workloads, including generative AI. The goal of the strategy is to provide multiple layers of security around your data as well as your workloads. If one layer is compromised, the other layers will isolate, slow down or prevent a threat actor from moving laterally from escalating permissions or privileges, exfiltrating or manipulating that data, and so on,” she explained.
Automating routine tasks
Dickson also said that AWS employs generative AI to help security teams be more proactive and react faster to security issues. Generative AI can be used to automate routine tasks that enable security teams to do more within the limits of their resources. These simple automation tasks include summarizing threat intelligence and automating patching of servers.
Generative AI also helps level up security professionals at AWS, she added. “We see generative AI empowering our security teams from automating the mundane and upskilling security professionals while allowing customers to be more proactive or reactive.”
Also, generative AI can be used to allow human security analysts to search large amounts of data more easily using natural language queries. The expert explained that it can also improve the threat models by improving routine wording while looking at large volumes of highly technical threat intelligence and summarizing it so that humans can understand it more easily.
How True’s Mari is revolutionizing customer care with Gen AI
AIS Winning the Prime Minister Award in the National Startup 2024
