RSA guide 2024: AI and security are top concerns for organizations in every industry


AI is top of mind for security teams across every industry. As more organizations adopt generative AI and cloud-native technologies, IT teams confront more challenges with securing their high-performing cloud applications in the face of expanding attack surfaces. According to McKinsey’s State of AI in 2023 report, 40% of respondents said their organizations plan to increase their overall AI investment because of advancements in generative AI. But only 21% said their organizations have established policies governing employees’ use of generative AI technologies. Moreover, in addition to managing cloud spend and resource utilization, organizations must also now consider the cost and carbon impact of developing and using generative AI models.

Additionally, blind spots in cloud architecture are making it increasingly difficult for organizations to balance application performance with a robust security posture. To ensure optimal performance and security of cloud applications, organizations need a comprehensive view of their entire AI stack and cloud environment with a strong application security approach.

At this year’s RSA conference, taking place in San Francisco from May 6-9, presenters will explore ideas such as redefining security in the age of AI. Attendees will seek answers to two crucial questions: ‘How secure are we?’ and ‘How compliant are we?’, viewing these concerns through the lens of AI-powered solutions.

Our RSA 2024 news guide explores the ways AI and security are converging with observability and how this affects application security, vulnerability management, and threat detection. If you’re attending the conference, stop by the Dynatrace booth in South Expo space 561, and our Platinum Lounge in North Expo space 5157.

AI and security need to go hand-in-hand

Generative AI is becoming increasingly popular in organizations across nearly every industry. With the ability to generate new content—such as images, text, audio, and other data—based on patterns and examples taken from existing data, organizations are rushing to capitalize on the AI model. However, security remains a concern despite benefits such as faster development and improved productivity.

As organizations train generative AI systems with critical data, they must be aware of the security and compliance risks. In fact, according to the recent Dynatrace survey, “The state of AI 2024,” 95% of technology leaders are concerned that using generative AI to create code could result in data leakage and improper or illegal use of intellectual property. Therefore, these organizations need an in-depth strategy for handling data that AI models ingest, so teams can build AI platforms with security in mind. Check out the resources below for more information.

Managing cloud application security risks to maximize cloud-native benefits

Organizations continue to embrace the cloud as the pace of digital transformation accelerates. Whether multicloud or hybrid, public or private, cloud-native architecture offers flexibility and agility to help organizations deliver software faster. But these benefits also become risks when it comes to cloud security.

Modern clouds are extensive and dynamic, which creates unprecedented complexity that can increase vulnerability to cyberattacks. And organizational silos, lack of end-to-end visibility, and lack of DevSecOps automation render many organizations ill-equipped to handle these risks. Recent research found that 76% of CISOs cite the limitations of security tools for real-time identification of risks in dynamic cloud-native architectures as a key challenge.

Cloud application security is crucial to every organization. As organizations introduce generative AI and continue to use open source code libraries, APIs, microservices, and more to innovate faster, the risk of attack compounds, with more entry points for bad actors to access critical data. One data breach or zero-day attack can have lasting implications, from revenue loss to reputation harm.

Organizations building out their cloud security strategy must prioritize an end-to-end view of their cloud, applications, microservices, and more to keep their data secure. Check out the following resources to learn more about managing cloud application security.

Converging security and observability

Maintaining software security is becoming increasingly difficult as the rising complexity of cloud-native environments and generative AI create more risk for undetected vulnerabilities to infiltrate applications. Despite this risk, organizations face mounting pressure to innovate faster and on a larger scale. However, the 2024 CISO report indicates traditional log-based security information and event management (SIEM) and extended detection and response (XDR) solutions have limited value in the cloud-native, AI-driven threat landscape. Indeed, more than 75% of CISOs cite blind spots and limitations of SIEM and XDR for automating responses and addressing risks in real time.

As a solution, organizations are converging observability and security data, giving DevSecOps teams end-to-end visibility into application security issues for real-time answers at scale.

Observability is critical for monitoring application performance, infrastructure, and user behavior within hybrid, microservices-based environments. Likewise, with observability of systems that run AI models, organizations can predict and control costs, performance, and data reliability.

To ensure application security in these AI-enabled, hybrid cloud environments, organizations must integrate security into an observability framework. Monitoring potential security threats, such as unauthorized access, malware infections, or data exfiltration, is critical, especially as workloads are distributed across multiple environments.

Together, observability and security data make teams more effective in identifying and responding to critical security incidents as quickly as possible, resulting in a better security posture. Check out the following resources to learn more.

The importance of secure and compliant workloads

Given the complexity of today’s multicloud and hybrid cloud environments, leveraging observability and security data becomes paramount for understanding an organization’s security posture. This understanding is essential for effectively assessing business risk and compliance requirements, particularly given the ever-changing regulations and dynamic nature of cloud infrastructures. Regulatory compliance is growing in importance as cybercriminals leverage AI to create new exploits faster, while development teams must use these same capabilities to accelerate software delivery with less manual oversight.

As compliance is often a moving target, organizations are increasingly turning to automation across their DevOps, security, and compliance teams. This automation minimizes risk and maintains regulatory compliance effectively. In fact, 83% of respondents to the 2024 CISO report say DevSecOps automation will be essential to their ability to stay on top of emerging regulations.

Automation empowers organizations to proactively manage risks such as misconfigurations and compliance violations, automating remediation and managing the exposure risk of vulnerabilities introduced by AI. RSA attendees need the right tools to determine their level of security and compliance.

To effectively prevent exploits and compliance violations, it is crucial to understand the organization’s attack surface: the sum of all potential entry points for unauthorized access, spanning hardware, software, and human factors. While absolute security is unattainable, acknowledging the expansiveness of the attack surface is the initial step toward fortification. Dive into the following resources to learn more.
