The author of this article, Chetan Anand, is the CISO & Associate VP of Information Security at Profinch Solutions.
Cloudification, artificial intelligence (AI) and cybersecurity are set to revolutionize the IT industry in 2024. Adopting these emerging technologies is becoming crucial for businesses to be more innovative, agile and successful. At the same time, practitioners need to constantly evaluate and mitigate the risks associated with these emerging technologies.
According to Forbes, the number of large organizations with a multi-cloud strategy (i.e., they buy cloud services from more than one provider) is predicted to rise from 76% to 85% during 2024. Multi and hybrid cloud (mix of cloud with on-premises infrastructure) are advanced infrastructure solutions that will continue to grow in popularity as organizations seek to balance security with flexibility and pick and choose the services they need.
Looking forward, it is anticipated that we will see increased use of data streaming for watching movies and listening to music online. New forms of streamed entertainment, such as cloud gaming, could be the new thing.
New ISO standards such as ISO/IEC 5140 on cloud computing – concepts for multi-cloud and the use of multiple cloud services are also expected to be published. Additionally, certain ISO standards such as ISO/IEC 27017 code of practice for information security controls based on ISO/IEC 27002 for cloud services and ISO/IEC CD 27018 code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors are expected to undergo revision.
Controls such as encryption, authentication and disaster recovery in cloud computing services will be increasingly in demand as we foresee the threat landscape evolving further. These would be a priority for cloud providers and consumers of cloud computing services.
From an environmental, social, and governance (ESG) perspective, trends by the top cloud service providers on net-zero commitments – such as cutting greenhouse gas emissions to as close to zero as possible, with any remaining emissions re-absorbed from the atmosphere, by oceans and forests for instance – will become stronger, not just for their own operations but in order to help customers who use their services to reduce their carbon footprint’s total amount of greenhouse gases (including carbon dioxide and methane).
From a regulatory standpoint, managing the data privacy implications of cloud computing will continue to be important during 2024.
As per ISACA’s global survey of 2,300 professionals, AI will have a significant impact on jobs – 19% percent are opening job roles for AI-related functions in 2024, and 45% believe a significant number of jobs will be eliminated due to AI. Yet, 70% of digital trust professionals think it will have some positive impact on their jobs, though 80% say they will need additional training to retain their jobs or advance their careers.
The survey also says that 23% think the number of jobs could increase. The use of generative AI is ramping up, but most organizations are not yet prepared with policies, training and effective risk management. AI can bring tremendous opportunities – but only if its use is effectively managed.
According to the ISACA survey, the top AI risks could be misinformation or disinformation, privacy violations, social engineering, loss of intellectual property (IP), and job displacement. Organizations should undertake thorough AI risk assessments and mitigate the identified risks. Consideration of ethics in AI is also an important aspect.
Businesses should also consider resources such as the excellent ISO/IEC 23894:2023 Artificial Intelligence – Guidance on Risk Management. The NIST AI 100-1 Artificial Intelligence Risk Management Framework (AI RMF 1.0) is a free resource offered by National Institute of Standards and Technology (NIST). It highlights the importance of test, evaluation, verification, and validation (TEVV) processes throughout an AI lifecycle and generalizes the operational context of an AI system. Performed regularly, TEVV tasks can provide insights relative to technical, societal, legal, and ethical standards or norms, and can assist with anticipating impacts and assessing and tracking emergent risks.
The large language model (LLM) that powers ChatGPT, is trained on huge amounts of data, using vast amounts of computing power. Most businesses don’t have the resources to do this themselves, but by accessing AI-as-a-service through cloud platforms, they are able to leverage this powerful, transformative technology.
To help students and recent graduates, professionals new to IT, and individuals and teams looking to upskill in AI, ISACA offers the AI Fundamentals Certificate. This certificate covers AI principles, concepts and potential uses, AI-associated risks and ethical requirements, and essential software and algorithms for AI applications and possibilities.
Amidst emerging technologies such as cloudification and AI, cybersecurity plays an important role for businesses. Businesses need to carefully evaluate these emerging technologies from a cybersecurity lens. Increasing trends in cybercrimes, ransomware, advanced persistent threats (APT) and cryptocurrency scams mean individuals and businesses require more diligence and due care.
It all starts with becoming aware and then becoming familiar with changes in technology. Many countries have rolled out or are coming out with their own legal requirements on AI. For example, the use of AI in the European Union (EU) will be regulated by the AI Act, the world’s first comprehensive AI law. China has issued the regulation on Administrative Measures for Generative Artificial Intelligence Services.
Businesses, therefore, need to evaluate risks and compliance in the context of new, applicable legal and regulatory requirements. We can expect controls such as AI Acceptable Use Policy to be developed and implemented by businesses to mitigate risks.
From cloudification to AI and cybersecurity, it is interesting to learn how these emerging technologies are impacting businesses. It will be exciting to see how businesses will balance the risks and costs with the necessity to optimize cloud spending.
Cloudification, AI and cybersecurity will endure to be vibrant drivers of innovation and opportunity in the coming year.
ABOUT THE AUTHOR
Chetan Anand is an associate VP of Information Security and CISO at Profinch Solutions and ISACA Global Mentor. He is a Digital Trust Leader with experience in the implementation, sustenance, auditing and consultation of ISO 27001:2022 Information Security Management System (ISMS), ISO 22301:2019 Business Continuity Management System (BCMS) and ISO 9001:2015 Quality Management System (QMS), System and Organization Controls for Service Organizations (SOC 1, SOC 2), IT General Controls, Data Privacy and HIPAA, Program and Project Management, and Agile. He has a proven track record of getting companies ISO certified and sustaining the certificate.
Chetan has worked in IT, ITES, Manufacturing / Product, Healthcare / Pharma, Research and Development industries. He possesses over 20 years of total experience, including 18.5 years of exposure in Governance, Risk and Compliance (GRC), ISMS, BCMS, QMS and Corporate Security and Quality Operations.