Transcript
I'm Terry Sweeney, Contributing Editor to Dark Reading, and joining us now on the stage is Ash Hunt, VP of EMEA Strategy at Sierra. Ash, thanks for joining us on the Dark Reading News Desk. It's great to be here, Terry. Thanks for having me. We are talking about securing AI at scale, a super relevant and timely topic. Speaking of which, Sierra launched AI Guardian this week, which is the company's biggest product release to date. Can you tell us more about what's the product about? Absolutely. I think when you look at what Sierra started with, it was everything to do with data. Yeah, we made that first big bet and play into understanding the data intelligence in every organization. You can kind of think of it as the data DNA. And the reason this is so important is because it's that first stepping stone on the path to the AI security journey. You have to understand your data because it's what AI is going to be consuming. And what we're seeing in organizations is an exponential growth of that data, okay? And that's only going to continue. And the same thing is happening with the identity layer. So when you look at those two things, they're basically the two building blocks that AI is consuming. And organizations now, rightly so, want a grip on their posture, okay? So that's not just understanding every piece of AI within the organization. It's also pieces of AI that you might even not know exist or are in operation, particularly being engaged with by end users. But then it's more than that. It's about really understanding how data is being used and how identities are being leveraged by AI continuously in real time, seeing what's happening with that data and managing risk to it, whether that is data leakage, malicious prompts, all sorts of things that could be happening with the data, okay, but all of that anchors back to that data piece. And so, you know, the release of AI Guardian for us is a natural evolution on helping organizations protect their end-to-end environment, going from a data through to identity and now through to AI. Yeah, I mean, it really makes sense given that identity data in particular, really in this day and age, represents the keys to the kingdom. Absolutely. Like this is something that really needs to be locked down for every organization. Yeah, and I, you know, I joined Sierra previously as a FTSE 250 and Global CISO, spent my entire career, you know, securing technology systems across organizations. And, you know, I could almost see this coming, okay. It was like almost on the hinterland for security teams, this challenge that I knew we were going to have to face. And actually, when I look back throughout my career, the two things that we've never really actually solved for were data and identity, data and access, right? I think of them kind of as the orphan security programs. It was ones that we tried to solve with data governance programs 10 years ago, the same thing with IGA programs for identity, but we could never solve for them. But the challenge now is really at our doorstep. Okay, we have no alternative because we've now deployed AI technology that is consuming both of those two things at rapid pace and scale and organizations are hungry for an answer. One of the other interesting hybrids that we're seeing in security management is this mashup of AI-based security program management, SPM, along with runtime protection. Tell us a bit more about what makes this combo of AI-based SPM and runtime protection so useful to organizations. So I think the first is pretty obvious, right? Which is that you can't do the runtime protection if you don't do the posture management first, right? It's just that basic hygiene. Trust me, I've heard that phrase thousands of times over my career, but it is so true. I think in lots of cases, it's kind of like if you are trying to tune a piano blind. You might kind of know where the keys are and you might know already what they might sound like, but if you can't actually identify the feedback from each key, you're never gonna get it tuned properly. Data security is exactly the same kind of thing where you kind of know-ish where your data is across the estate and you think you might know kind of, maybe it's classification, how sensitive it is, maybe whether it's got encryption on it, maybe if it's got MFA and these kinds of attributes. But time and time again, and I've seen this with the technology. It was one of the key reasons I joined Sierra is when you actually start using AI to solve for some of these challenges, you get a whole new world opening up about actually how many problems you probably have in the organization. And we see this all the time with customers, that kind of exposure to the unknown unknown. And I think that's really that kind of first stepping stone with the data and now with AI, you've got organizations and end users engaging with all forms of AI, whether that's homegrown models, whether it's SaaS applications, and of course our supply chain with AI is getting more and more complex as time goes on. The desire to innovate is what's driving a lot of that, but you first need to start with that posture to understand what you've got and how it's being used. And that how it's being used is what feeds into that runtime protection, okay? Understanding actually not just the AI applications and models and the agents that you might have across the estate and how agentic orchestration might actually be operating, it all hinges on the data. It's what data are those identities accessing and how is that data being manipulated through models and how is the output being used across the organization? And I think that is really where the foundations of true AI risk management are going to take place. Well, if I'm understanding right, it's also the automation, the seamless automation that AI seems to bring to so many different functions in security management, completely transparent to the end user is what enables so much of this innovation, this automation. It seems like a no brainer in so many respects. You can't do it without it. You know, you kind of got to fight fire with fire, right? Like I said previously, those challenges around data and identity were for everyone here an orphaned program. Like we tried doing data governance when we only had manual approaches through rules-based approaches, regex tuning and things like this, and we could never scale it. And here's what happened, data growth and identity growth, and now AI growth is all outstripping our ability to tackle them until we then began applying some of those techniques to solve for those problems, okay? And that is why the very specific application of advanced LLMs that we use at Sierra applying to those problems have been able for us to help organizations rapidly get across their data estates, but without sacrificing precision. I think that's a really, really important point, right? And a unique combination that we're not losing any of the fidelity, but we're able to operate at pace and scale. And that is because we are taking AI to solve for some of these problems and now applying it with AI Guardian to that whole AI SPM and the runtime protection piece. Okay, we've also seen a wave of generative AI adoption, and you mentioned agentic AI a few minutes ago. This is also clearly on the rise. How well prepared are security teams for this big shift in how they work and how the processes function? So look, I think from my experience throughout my career, the teams that I've had working for me, I think as security professionals, we have a pretty natural DNA for overcoming tough challenges. I think improvising, adapting, and overcoming things is kind of what we have to do day in, day out. And I think in many ways, security professionals are probably a lot better prepared than I would say others even in some of the earlier years of my career. I remember we were using basic machine learning. So we've sort of like been very slowly inculcated into this new challenge that we've got, but of course it's now scaling at a crazy new pace. But I look around and I look at the vendors here, there's amazing innovation going on, which again is applying those AI techniques to solving those problems. So when I look at things like some of the agentic work in SOC orchestration and automation, when I look at workflow automation, I think there's some amazing applications of AI. And most importantly, a lot of the advancements in language modeling that we're able to kind of understand our actual estates for the first time, which I really don't think we've ever really been able to do, that data centric approach to security. But of course, AI is moving very, very fast. Okay, we need to keep pace. It's high tempo activity. We can't afford to slow down. And I think that's why events like this at Black Hat are amazing because it really gives security professionals the opportunity to get together, ideate together, and actually work through some of these problems before applying them in their organizations. Good stuff. Ash, take us out with some comments around organizations that may be considering the kind of approach you're describing. What sort of questions should they be asking themselves? I think the first thing very briefly is to recognize that I don't really think there's anything new with AI risk. I think a lot of the loss exposure that organizations would have had previously is just really going to be metastasized with AI. It's just gonna be made a lot worse a lot quicker. So I think the first thing is basics, okay? You've got to understand your data, okay? That is the key asset that you have to focus on across the organization. Next, focus on how that data is going to be used and by whom, okay? So that identity layer of whether it's the human account, the machine account, the agent, and indeed agentic orchestration. Understand the permission structure, the right circumstances, and the right environments that those identities should or should not be using that data. And then finally, really understand the posture around AI, yeah? I think it's so worthwhile actually getting a grip on what AI do I have in my organization? What is and what isn't AI? Because that is not only just going to help organizations get the ability to implement security controls, it's gonna help them leverage data and AI to unlock innovation and grow revenue in the organizations. And I think that's where the future of security and technologists lie. Well, all great tips and guidance for scaling AI inside the enterprise. Ash, thanks so much for joining us on the Dark Reading News Desk today. Thanks so much, Terry. We've been talking with Ash Hunt of Sierra. This has been Terry Sweeney for the Dark Reading News Desk. Thanks for joining us for this segment. We'll see you next time. Thanks for joining us for the Dark Reading News Desk. We'll see you next time.
