[By Dan Benjamin, CEO and Co-Founder of Dig Security (acquired by Palo Alto Networks)]
Large Language Models (LLMs) and generative AI were undoubtedly the biggest tech story of 2023. While the ever-changing nature of AI makes it difficult to predict the future, we can point to an emerging trend: enterprises are exploring use cases that involve ‘feeding’ the company’s own data to a large language model, rather than relying on the general-purpose chatbots provided by the likes of OpenAI and Google.
As companies begin to move generative AI projects from experimental pilot to production, concerns about data security become paramount. LLMs that are trained on sensitive data can be manipulated to expose that data through prompt injection attacks, and LLMs with access to sensitive data pose compliance, security, and governance risks. The effort around securing LLMs in production will require more organizational focus on data discovery, classification and access governance – in order to create transparency into the data that ‘feeds’ the language model and ensure authorized access to it.
Advancements in AI are just one of many challenges – and opportunities – tech leaders faced in 2023. The continued acceleration of cloud adoption, evolving tactics of bad actors, and increasingly stringent data privacy regulations have contributed to a challenging data security landscape. To address these challenges, security leaders, and the tools and processes they use, must evolve in 2024.
Here are a few other trends I anticipate for 2024.
Consolidation of data security tooling
As organizations have moved to the cloud, their infrastructure has become increasingly fragmented. With multi-cloud and containerization becoming de facto standards, this trend has intensified. Data storage and processing are dispersed, constantly changing, and handled by multiple vendors and dozens of tools.
To secure data, businesses found themselves investing in a broad range of tooling – including DLP for legacy systems; CSP-native solutions; compliance tools; and more. In many cases, two separate tools with similar functionality are required due to incompatibility with a specific CSP or data store.
This trend is now reversing. Economic pressures and a growing consensus that licensing and management overhead have become untenable are leading organizations toward renewed consolidation. Businesses are now looking for a single pane of glass to provide unified policy and risk management across multi-cloud, hybrid, and on-premises environments. Security solutions are evolving accordingly – moving from point solutions that protect a specific data store toward more comprehensive platforms that protect the data itself, wherever it’s stored and in transit.
Maturation of compliance programs
Organizations are realizing that compliance needs to be more than an annual box-ticking exercise. With regulators increasingly willing to confront companies over their use and protection of customer data, it’s become clear that compliance needs to be a strategic priority.
Businesses will invest more in programs that enable them to map their existing data assets to compliance requirements, as well as tools that help identify compliance violations in real time – rather than waiting for them to be discovered during an audit (or in the aftermath of a breach).