GROW YOUR STARTUP IN INDIA

SHARE

facebook icon facebook icon

Every enterprise is a technology driven entity today. With technologies such as AI and cloud adoption on the rise, it has become easier for enterprises to adopt technology as quickly as it is available. ISACA’s latest AI Pulse Poll indicated that 90% of employees are using artificial intelligence in their organization. It is not just AI but also the adoption of cloud which is increasingly in lock step.

Enterprises will do well to take a hard and close look at all the technologies and tools they are using through a risk lens, including using AI for better magnification.

Broadly, technology adoption is driven by two thrusts— one is internal, with stakeholders within the enterprise driving the adoption of technologies to solve internal problem and improve efficiencies. The second is an outside-in approach where enterprises adopt AI due to peer pressure as in competitors adopting technologies and being able to serve customers better or and even worse due to FOMO, or the fear of missing out.

The story of cloud adoption is one of internal drivers for cost efficiencies, speed to market, need for reduced complexities etc. driving cloud adoption. Traditionally, investments in information technologies were plagued by delays in approvals, time lags in obtaining solutions, etc., leading to the widespread adoption of cloud solutions. This meant that what was traditionally a capital expenditure (CapEx) became operational expenditure (OpEx), and of course, all this was available easily at the click of a button through a simple browser.

AI, on the other hand, is a typical “camel in the tent” story. Multiple forces converged to bring AI to the forefront. Enterprise employees as consumers became exposed to AI and the benefits it offered. Management was also exposed to information from multiple sources promoting the near magical quality of AI as a technology and its ability to solve nearly any problem facing the enterprise. The deal was also further sweetened by a double-edged cost sword, which allowed low-cost access to the benefits of AI while also allowing enterprises to cut costs on the human front, which sounded like a win at least from a management perspective. This quick adoption of technologies has given rise to an interesting idea of shadow IT, which refers to the adoption of technologies without following organizational processes. While this may sound benign, the constant rinse and repeat cycle as each new shiny technology arrives throws security under the bus.

Ignoring security is often the result of poor strategy, risk blindness, lack of governance and host of other factors which snowball until the organization totters under its weight. Once again, short-sighted approaches are taken to resolve emerging security issues by, for example, using tools and solutions that do not resolve the root cause of the problem and instead tackle only the symptoms. This leads to security issues accreting over time, often hidden from view. This is characterized as security debt and often not acknowledged much less understood.

Security issues were handled in the past with a combination of luck and piecemeal approaches. Occasionally, some of these security issues were discovered afterwards, after which there would be a scramble to handle the issue. Enterprises also were able to mitigate the security issues with support from technology providers themselves, in part due to the fact that security vulnerabilities were hard to exploit on a widespread scale.

AI of course has upended the equation. The launch of Claude Mythos and the issues surrounding it are a case in point. Among other things, AI makes it easier to identify security vulnerabilities and easier to exploit. This also means that security debt, which was hidden, at least internally, becomes easily exploitable. The piecemeal approach to the adoption of technologies means that some hereto hidden or even unknown security vulnerability is now out in the open thanks to AI. The same AI also enables easy exploitation of the security vulnerability, making it a free-for-all. The longitudinal impact of this can be unnerving because with the power of AI, it may be possible to look at all technologies critically with the intent to identify and exploit any hidden or visible but not fully understood security vulnerabilities. It is also possible that AI tools will be able to identify issues which become security vulnerabilities in the future, jeopardizing enterprises.

While all this may seem alarming, it is important to understand and address the key issue here, which is security debt. Enterprises will do well to take a hard and close look at all the technologies and tools they are using through a risk lens, including using AI for better magnification. According to experts, the first step to addressing security debt would be to accept its existence. Acknowledging the existence of security debt will go a long way in addressing it. It is also important to understand that security debt is a business issue rather than a technology problem and must be dealt with holistically no matter which technology is being considered.

Guest contributor RV Raghu is the Director of Versatilist Consulting India Pvt. Ltd., which is active in India and the Middle East. He is a platinum level member of ISACA, an international professional association focused on IT governance. Any opinions expressed in this article are strictly that of the author.

SHARE

facebook icon facebook icon
You may also like