Building the digital-first organisation around secure-by-design infrastructure, reinforced with AI and generative AI (GenAI), can support organisations’ efforts to improve security and enhance security culture.
This is according to Ahmed Abdel Hamid, Principal Security Strategist, Middle East and Africa (MEA) at AWS, who was speaking ahead of the ITWeb Security Summit.
He notes: “Embedding security into the very fabric of the organisation can unlock the power of security as a strategic enabler, rather than a constraint.”
Hamid says an organisation with an effectively embedded security culture consistently connects security to its mission and business objectives, builds security into everything and corrects mistakes quickly, establishes norms and high standards for security hygiene, adopts a zero-defect approach, with no tolerance for known vulnerabilities, and continuously vets security in both development and production.
However, many organisations are challenged in overcoming vulnerabilities in the ‘human firewall’ and embedding security culture throughout the organisation.
“Building the organisation’s systems on a secure foundation is the first step in enhancing security and addressing human vulnerabilities. AWS builds security into the core of our cloud infrastructure, and offers foundational services to help organisations meet their unique security requirements. AI and generative AI can then be harnessed to support security teams and employees across the organisation – for example, new generative AI-powered Amazon Inspector, Amazon Detective, AWS Config and Amazon CodeWhisperer include features that complement the human skillset by helping people make better security decisions, using a broader collection of knowledge.”
For security teams, generative AI-powered solutions and retrieval augmented generation (RAG) such as Amazon Kendra, Amazon Security Lake and Amazon Bedrock – can help automate mundane tasks, expedite security decisions and increase focus on novel security problems.
He says: “Generative AI has the potential to help alleviate the cyber security talent shortage by amplifying human abilities and enhancing various aspects of security. It can be a powerful tool for security teams to help identify and resolve issues faster and more effectively. Security teams are using AI and machine learning powered automation to help prioritise findings, automate incident response and detect anomalous behaviour more accurately. Tools like Amazon CodeWhisperer can also help developers scan code for hard-to-find vulnerabilities and suggest more secure options.”
Hamid will address a track on securing the future: strategies for generative AI security. The ITWeb Security Summit 2024 will take place at the Sandton Convention Centre on 4 and 5 June. For more information and to register for this event, go to https://www.itweb.co.za/event/itweb-security-summit-2024/.
Share