Is AI the next big thing in cloud security?
You might think so if you've followed headlines about generative AI technology over the past year or so. Cloud security is among the many domains that, according to folks who are excited about GenAI, stand to be transformed by GenAI-based tools.
I remain unconvinced. Although I can see potential for generative AI to upend other types of security workflows, such as alert management, I don't think AI in cloud security is going to be the next big game-changer for businesses that deploy and manage cloud-based workloads. Here's why.
Defining Cloud Security
To understand why generative AI probably won't revolutionize cloud security, you must first understand what cloud security entails.
Cloud security is a broad term that encompasses a variety of technologies and responsibilities. Some, like monitoring cloud workloads for anomalies, are common parts of security workflows in any kind of environment. Others, like managing the complex Identity and Access Management (IAM) policies that organizations depend on to govern access rights in the cloud, are unique (or nearly unique) to cloud security.
If you were to make a list of everything you have to do to enable cloud security, it might look like this:
- Ensuring that cloud environments are designed with security in mind (by, for example, designing secure cloud network architectures).
- Collecting metrics and logs from cloud workloads and infrastructure, then analyzing them for anomalies that could be the sign of a security risk.
- Configuring proper security controls using cloud providers' IAM frameworks.
- Monitoring security controls over time to ensure that they remain as secure as possible, and that they are updated as user roles change and workloads evolve.
- Preventing unauthorized access to cloud-based services over the network, using tools like Cloud Access Security Brokers (CASBs).
The Benefits and Limitations of AI in Cloud Security
How much can generative AI do to help streamline those workflows? Not too much, I think.
The only opportunity where I see generative AI adding tangible value to cloud security is in the realm of security monitoring and response. In that context, generative AI could be helpful for summarizing and interpreting alerts, as well as helping correlate security data across different environments. This is what tools like Sysdig Sage — one of the few offerings to appear so far that leverages generative AI for cloud security — do.
But since alert summary and correlation happen as part of security workflows in any type of environment, not just the cloud, generative AI doesn't bring special value to cloud security in particular.
Nor does AI-driven threat detection and data correlation totally change the game when it comes to cloud security. It will add some efficiency to those workflows, especially for less experienced analysts who would struggle to perform the tasks quickly using conventional tools. But even for cloud security neophytes, it's hard to imagine generative AI leading to efficiency gains of more than perhaps 10% or 20%. It's not going to quadruple the speed at which analysts can detect cloud security threats, or allow one engineer to do the work that used to require 10.
Cloud Security Policy Controls
What about the task of validating whether cloud security control policies are secure? That might seem like an area where generative AI would be useful because GenAI tools could assess IAM configurations and determine whether they are optimal for an organization's needs.
But here again, generative AI doesn't offer a lot of value. Traditional cloud security tools already excel at detecting risky IAM configurations using simpler methods of analysis. They can detect excess permissions and overprivileged users through pattern matching and rule-based analysis. They don't need fancy generative AI models.
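To illustrate the kind of rule-based analysis described above, here is an added example (not code from the article or from any vendor's tool) that checks an IAM policy document against a few fixed rules. It assumes AWS-style policy JSON; the sample policy and the `SENSITIVE_ACTIONS` list are constructed for the example.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy in AWS-style IAM JSON (an assumption, not from the article).
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "ReadLogs", "Effect": "Allow",
   "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-logs/*"},
  {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Sid": "IamWide", "Effect": "Allow", "Action": "iam:*", "Resource": "*"},
  {"Sid": "AllButBilling", "Effect": "Allow",
   "NotAction": "aws-portal:*", "Resource": "*"},
  {"Sid": "DenyDelete", "Effect": "Deny", "Action": "s3:*", "Resource": "*"}
]}
""")

# Hypothetical rule set: actions treated as privilege-granting for this example.
SENSITIVE_ACTIONS = ["iam:PassRole", "iam:CreateAccessKey",
                     "iam:AttachUserPolicy", "sts:AssumeRole"]

def as_list(value):
    """Policy fields may hold one string or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return sorted (sid, finding) tuples for Allow statements that match a rule."""
    findings = set()
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant excess permissions
        sid = stmt.get("Sid", f"statement[{i}]")
        actions = as_list(stmt.get("Action"))
        any_resource = "*" in as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.add((sid, "allow-by-exclusion (NotAction)"))
        if "*" in actions and any_resource:
            findings.add((sid, "full administrative access"))
        for granted in actions:
            # A granted glob such as "iam:*" covers every sensitive action it matches.
            if any_resource and granted != "*" and any(
                    fnmatchcase(s.lower(), granted.lower()) for s in SENSITIVE_ACTIONS):
                findings.add((sid, f"sensitive action on all resources: {granted}"))
    return sorted(findings)

if __name__ == "__main__":
    for sid, finding in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```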
In short, generative AI technology might offer some opportunity to make certain cloud security workflows more efficient. But don't expect it to revolutionize the way organizations monitor and secure cloud environments. Traditional cloud security tools are already pretty good at what they do, and generative AI-based solutions can't move the needle that much.
About the author
Christopher Tozzi is a technology analyst with subject matter expertise in cloud computing, application development, open source software, virtualization, containers and more. He also lectures at a major university in the Albany, New York, area. His book, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” was published by MIT Press.