Overcoming the challenge of embracing AI without compromising security

With sensitive information, trade secrets, and business-critical data increasingly residing in the cloud, Indian organizations are heavily leveraging cloud platforms for data and analytics capabilities. In fact, 80% rely on the cloud for these functions, and 78% already store over 30% of their data in the cloud. However, as businesses adopt platforms like Google Cloud’s Vertex AI Workbench to scale their AI initiatives, they often unknowingly introduce significant security risks. These powerful tools, while driving modern IT strategies, simultaneously create new attack vectors. Another research highlights this concern, revealing that 77% of Vertex AI instances operate with overprivileged default configurations, leaving critical data and systems exposed.

So how can CISOs and IT leaders overcome the growing challenge of embracing AI’s transformative potential while maintaining security? 

Understand what secrets reside and where

Secrets are privileged credentials used by human and machine identities to access sensitive systems. Modern cloud environments have secrets such as API keys, access keys, encryption keys, tokens, usernames and passwords lying around, waiting to be breached. Today, roughly one third (31%) of cloud storage resources containing sensitive data held information classified as restricted or data with the highest sensitivity level, while about two-thirds (66%) hold information classified as confidential, the second highest level. This means that a single breached secret can unlock attack pathways, potentially leading to data exfiltration, AI system compromise, and complete takeover of the cloud environment. 

Sensitive data exposure frequently results from a "toxic cloud trilogy": workloads that are critically vulnerable due to unpatched CVEs, publicly exposed to the internet, and overly permissive. Flawed permission structures, often arising from inconsistent access policies or overlapping roles, lead to confusion and security gaps. Furthermore, inadequate and often manual monitoring fails to detect these issues promptly, fostering a false sense of security. Another contributing factor is when developers' elevated privileges, initially intended for temporary use, are inadvertently made permanent. Finally, a significant challenge is a lack of awareness regarding data sensitivity, causing organizations to unknowingly store sensitive information in public locations.

Shoring up defences, protecting cloud AI

Defending cloud environments is highly challenging, especially against sophisticated attackers. Protecting it must be top of mind to minimize risk. Here’s how to do it:

Minimize public exposure: Not everyone managing cloud assets is aware of secure data storage practices, increasing the risk of exposure. Continuously monitoring cloud environments for public access, including by third parties, reduces sensitive data exposure. Automating the detection of misconfigured storage services, enforcing least-privilege and assessing posture makes the job easier. Exposure management platforms are great at the job. They map complex asset, identity and risk relationships across hybrid environments to spot and prioritize cross-cloud attack paths.

Safeguard secrets with total visibility: protecting enterprise secrets can’t happen without continuous visibility into where sensitive data resides. Managing secrets must be a core pillar of data governance strategies. In fact, major cloud providers offer mature, secret management tools that integrate easily with existing IAM frameworks. It’s important to leverage these tools to enforce least privilege, reducing sprawl and improving auditability.

Patch the most-critical vulnerabilities: Context and the likelihood of exploitation of a vulnerability make patching the right ones necessary. The right context requires the right data. Know what data lives in your environment and continuously assess its sensitivity. This should be an ongoing, telemetry-driven effort — not a quarterly scan. Adopt exposure management platforms. They correlate identity, vulnerability and network configuration data across the entire cloud stack to identify toxic combinations that expose sensitive data and cloud infrastructure. Prioritizing which vulnerabilities to patch first makes all the difference in how efficiently an organization protects sensitive data. 

Secure cloud identities: Identity is the perimeter to the cloud. One compromised overprivileged account can give attackers access to enterprise secrets. Take identity security one step further by implementing Just in Time (JIT) access to eliminate standing permissions and enforce timebound access. Seek out solutions offering JIT for IdP groups and that deliver via go-to collaboration tools.

Secure sensitive data: Inventory, classify, and track where sensitive data resides across the cloud. Knowing the sensitivity level and who has access to it and when offering the context needed to stop unauthorized access.

It’s not just about fixing vulnerabilities anymore. It’s about understanding cyber risk in the context of business. With today’s cloud environments offering fertile ground for attackers, automating risk management across cloud infrastructure, workloads, identities, storage, data and AI resources is essential. Prevent secrets from leaking by adopting an exposure management platform with a mature cloud security component. It empowers security teams to stay focused, effective and ahead of evolving threats.