<p>Cybersecurity leaders should capitalize on AI mania in the enterprise to address longstanding security problems, urged Arizona State University CISO Lester Godsey.</p>
<p>”Executive management is all [in on] AI,” Godsey said during a recent session at CactusCon, an annual cybersecurity conference in Mesa, Ariz. “I would encourage you to be shameless in leveraging this moment in time.”</p>
<p>AI, with its game-changing capabilities and executive support, presents major technical and strategic opportunities for CISOs. At ASU, for example, Godsey’s team is using AI to improve <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-write-a-data-classification-policy-with-template”>data classification</a>, data loss prevention (DLP) and identity and access management (<a href=”https://www.techtarget.com/searchsecurity/definition/identity-access-management-IAM-system”>IAM</a>). In turn, those improvements and adaptations are key to strong security and governance for the university’s in-house AI platform, which supports more than 60 <a href=”https://www.techtarget.com/whatis/feature/12-of-the-best-large-language-models”>large language models</a> and serves the largest student body in the U.S.</p>
<section class=”section main-article-chapter” data-menu-title=”At ASU, AI for data classification — and data classification for AI security”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>At ASU, AI for data classification — and data classification for AI security</h2>
<p>Organizations looking to adapt their cybersecurity programs to meet new AI needs — and solve longstanding security problems in the process — might consider starting with data security, Godsey said. With some tweaking, existing data classification, <a href=”https://www.techtarget.com/searchsecurity/opinion/DLP-in-the-GenAI-Era-Shadow-data-and-DLP-product-churn”>DLP</a> and IAM strategies can readily adapt to new AI security and governance use cases, he added.</p>
<p>ASU, for example, had an existing data security program, but — like many large organizations — it also had a decades-long struggle with data sprawl. Godsey said his team recently ran a proof-of-concept test using AI to automate the classification of unstructured data. It yielded high-fidelity outputs.</p>
<p>”The result is that we’ll finally be able to leverage DLP,” Godsey said. “The technology has been around for over 20 years, arguably, but we’ll actually be able to use it now thanks to AI.”</p>
<p>In turn, an optimized data security program enables ASU to properly secure and govern its AI systems, according to Godsey. By employing the <a href=”https://www.techtarget.com/searchsecurity/definition/principle-of-least-privilege-POLP”>principle of least privilege</a>, for example, the security team can block both human and <a target=”_blank” href=”https://www.darkreading.com/cybersecurity-operations/taming-agentic-ai-risks-securing-nhi” rel=”noopener”>nonhuman users from accessing assets</a> they don’t need to perform their defined roles.</p>
<p>”One of my biggest fears is agentic AI by default,” Godsey said, adding that an overprivileged, rogue AI agent could wreak havoc on an enterprise — posting sensitive data to public channels, for example. “Especially when AI starts doing more and more on its own, you need those guardrails in place, and you need to double- and triple-check them.”</p>
<p>In this case, the problem is also part of the solution: ASU has created a custom <a href=”https://www.techtarget.com/searchsecurity/tip/What-agentic-AI-means-for-cybersecurity”>cybersecurity AI agent</a> whose sole purpose is to ensure that other AI agents operate within secure parameters. It alerts human operators if it finds other agents deviating too far from acceptable set behavior.</p>
<p>Godsey said his team also plans to use AI to further strengthen ASU’s <a href=”https://www.techtarget.com/searchsecurity/definition/cybersecurity-asset-management-CSAM”>asset management</a>, shadow IT discovery and API security strategies.</p>
<p><i>Alissa Irei is senior site editor of Informa TechTarget’s SearchSecurity.</i></p>
</section>
Read the original article: