Data protection demands AI-specific security strategies
Adoption and use of AI tools is high across organizations, however many are concerned about the impacts AI will have on their larger data security strategy, according to Immuta.
Only half of the respondents say their organization’s data security strategy is keeping up with AI’s rate of evolution. What’s more, despite AI’s recent boom, implementing stronger data governance and security controls will be a higher priority for data teams in 2024.
Data governance takes center stage in company initiatives
When asked what significant initiatives their company is taking on in the next 12 months, 80% of respondents said their top priorities were data security related initiatives – such as implementing stronger data governance and security controls, and modernizing data architectures with new concepts like data mesh – while only 20% noted integrating AI into business processes will be a top priority.
“With the rapid onset of AI solutions and ongoing push to migrate data to the cloud, data leaders are now grappling with how to prioritize data security, agility, and visibility. They need solutions that provide both proper data protection and the flexibility to use data to drive value,” said Matt Carroll, CEO of Immuta.
“Without the foundation of a strong data architecture and data security strategy in place, it will be impossible for organizations to safely integrate AI into their processes. Business leaders must design AI-specific security strategies that include the right protocols and policies to protect data,” added Carroll.
The rapid evolution of AI and ML has spurred both excitement and concern across organizations. According to the report, employees are already leveraging these tools to increase productivity and streamline processes within their roles. 88% of data professionals note their employees are using AI, and many data professionals are confident AI will help them become better at things like anomaly detection (44%) and phishing attack identification (46%).
Organizations urged to prioritize AI security policies
At the same time, many are concerned about the broader security impacts AI will have on their organization. 56% of respondents cite the exposure of sensitive data via an AI prompt as their greatest area of concern. This trepidation reinforces the need for AI-specific security strategies and policies so organizations can confidently and securely utilize the technologies and also launch AI models at scale.
Although AI is top of mind for data professionals across every sector, trust, security, and compliance are still leading organizational priorities. 88% of data leaders believe that data security will become an even higher priority in the next 12 months, ahead of AI. With 80% of data professionals indicating that their data protection capabilities are better than they were a year ago, it’s likely budgets and resources will increase as data security continues to be a growing priority for business leaders amid today’s evolving threat landscape.
As organizations grow, their structures become more intricate and they manage more data – both of which make data security increasingly challenging and critical. This also creates more complexity around data ownership. According to the report, there is no clear owner of data security across organizations.
Respondents indicated that the job title most commonly accountable for data security is Data Privacy or Security Manager (19%), or Chief Technology Officer (15%). However, numerous other roles were also noted as being responsible for data security. This lack of ownership creates challenges around managing security collaboratively, which leads to teams operating in silos and insecure deployments.
Similar to findings from last year’s report – which found that 63% of data professionals lacked visibility into data access controls – data access remains a major security obstacle for teams: 33% of respondents cited a lack of visibility into data sharing and usage as their biggest security challenge, and that they have missed business opportunities as a result.
At the same time, 56% note that data security processes slow down access to data, meaning that over half of organizations are sacrificing some level of data-driven value for essential security outcomes – trading agility for trust and compliance.