Alex Hesterberg, CEO of Superna, speaks with Mark Johnson, Chief Growth Officer of CoStrategix, in a video interview about how organizations are navigating the dual nature of AI, focus areas for protecting data used in AI and ML training, the disconnect between security and data teams, why compromised data can derail entire AI training cycles, and how Superna is turning the storage layer into a vital security endpoint.

Superna is a global leader in data protection and defense for cyberstorage and hybrid multi-cloud.

AI’s double-edged sword: opportunity and risk in the age of machine learning

At the onset of the discussion, Hesterberg delves into the dual nature of AI, outlining its immense potential and the equally significant risks it brings. He states that anyone involved in AI or machine learning today is familiar with key terms like large language models, small language models, and the data sets used to train these models.

However, the conversation around data does not stop at scale or sophistication. According to Hesterberg, compliance with evolving regulations is becoming increasingly critical.

Referencing the EU AI Act as a significant influence on how organizations must now manage data within AI pipelines, he says:

“If that data cannot be insured to be protected and guaranteed that it hasn’t been manipulated or accessed by any unauthorized users… that data set is not allowed to be used, or the person or the organization that’s using it is potentially liable for any downstream impacts…”

This clause from the Act falls under the governance component, making it clear that unchecked or compromised data usage could carry significant legal and operational consequences.

Next, Hesterberg outlines the core focus areas when it comes to protecting data used in AI and ML training:

• Ensuring data lineage

• Maintaining data compliance

• Preventing unauthorized access or manipulation

• Guarding against nefarious activities that could influence model outcomes

This ensures that the output of the AI and ML training doesn’t come out to be nefarious or have some sort of an ulterior motive, he adds.

Interestingly, Hesterberg points out a notable gap between security teams and data scientists when it comes to priorities. He observes that data scientists tend to prioritize data cleanliness and usability over security concerns.

Calling it ironic, Hesterberg states that the same tools that the security team uses to monitor data in real time for attacks, deletions, or extortion attempts also help ensure datasets remain unmanipulated, unencrypted, and intact.

This dual functionality helps maintain data quality. Reflecting on his past visit to the GTC conference, he mentions that the primary security concern among the data science community was the risk of data disruption, which could significantly delay or hinder model training.

Delving further, Hesterberg shares an example of how compromised data can have a massive consequence: “If you have a 90-day training cycle for your AI module, and you hit day 85 and you get an encrypted or deleted block, you could end up losing all of that time and losing all of that GPU spend, and you have to go back to the beginning.”

Therefore, according to Hesterberg, there are two primary use cases for security and data auditing in the AI space, and they both fall into a security bucket and also a data readiness and data cleanliness bucket.

Uniting security, data, and storage teams for modern threat response

Moving forward, Hesterberg sheds light on a crucial yet often overlooked disconnect, which is the divide between security, data, and storage teams. “Traditionally, these groups have only come together in response to an incident or crisis,” he notes. “The security and data and storage teams are a perfect example of that.”

Hesterberg points out that while security teams are equipped with extensive tools, training, and budgets, the systems are often not designed to interface with the storage and data environments. “Most of those organizations and those tools and those workflows are not set up to include the storage environment, the data environment in things like incident response… they’re almost blind to it.”

This lack of integration has led to scenarios where security teams are unaware of breaches or compromises occurring at the storage layer, he says.

Adding on, Hesterberg shares that he has had countless conversations with customers and prospects where the storage and data teams have made it clear that, while they manage the storage infrastructure, the incidents they’re facing go beyond their scope.

These teams often point out that the issue stems from a malicious external or internal actor who has tampered with the storage system — something they may have successfully defended against — but ultimately emphasize, “This is a security issue.”

To address this, Hesterberg’s team made a decisive pivot of investing heavily in integration with the broader security ecosystem. “We started investing heavily in the common security toolchains, the SIMs, the SOARs, the endpoint protection capabilities, the attack surface management area…”

Thereafter, Hesterberg worked with the “security teams and built integrations that allowed them to see everything that happened with the event that occurred at the storage layer.”

Breaking down the approach further, Hesterberg says, “We are making the storage layer a new endpoint that is now part of the security incident management response, because before they were kind of blind to it.”

He adds that now, when a threat reaches the storage environment, the system actively blocks the incident, cuts off the user’s access to the data, and, if any data has been affected, it is fully restored in place within seconds.

Wrapping up, Hesterberg states that what is more impactful is the ability to deliver detailed information directly within the security teams’ existing tools. They can show exactly what happened, when it happened, and how it happened, enabling those teams to carry out their incident response actions.

This could involve isolating a compromised host, removing it from the network, or launching an investigation. Emphasizing the significance, he concludes that the storage device could be viewed as the most critical endpoint since that is where the data actually resides.

CDO Magazine appreciates Alex Hesterberg for sharing his insights with our global community.

Most Security Technologies Overlook the Data and Storage Layer — Superna CEO