Data Leaders’ Top 4 Security Trends for 2024

It’s easy to talk about trends in absolutes. “This new development will affect jobs across every sector,” and “this new platform is going to be everywhere” – these kinds of blanket statements remove nuances that can be incredibly important when discussing trends.

Instead, we should focus on questions like “How will this trend impact a specific sector, or even a specific organization?” and “How is the shift already impacting teams across industries?”

During our Exploring Top Data Security Trends for 2024 webinar, a panel of data-driven leaders discussed their unique outlooks on the topics that will define data in the coming year – and how these trends are already impacting their teams, their customers, and their own work.

This blog will highlight four of the key takeaways from this webinar and provide insights into the most relevant data trends.

Kaj Pedersen on The Future of AI Security

The first problem we have to solve with AI is intelligence.”

Kaj Pedersen CTO, AstrumU

While AI and machine learning (ML) are by no means new, the recent boom of easily accessible tools like ChatGPT has brought them to the forefront. The rapid adoption of AI, coupled with uncertainty around its operation and overall safety, makes AI security a hot-button issue amongst tech-forward organizations.

One organization that is successfully innovating with AI and ML is AstrumU, who use these tools to provide students, educators, and employers with tailored recommendations that allow them to quantify the value of education. AstrumU CTO Kaj Pedersen’s hands-on experience with these tools has informed his outlook on the current state of AI, and where it might need to go next.

“The simple truth is that what we’re doing with AI today is not technically intelligence,” said Pedersen. “It’s a large amount of compute power organized around data and probability statistics that enable you to get to a pretty accurate answer.”

As AI evolves, its most popular use cases involve producing machine-generated query results. Since these tools are trained on vast amounts of data – much of which is still unverified – neither the validity of the answers nor the privacy of the training data is guaranteed. According to Pedersen, this is indicative of a concept that is still in its early stages.

“The simple truth is that…the transformational potential of AI is going to be constrained by its hardest problems,” he shared. “So, until we solve those, we’re sort of still in the tooling phase.”

Seth Youssef on The Challenge of AI Governance

You need to make sure your model doesn't break your privacy requirements…The model in itself has to go [through] rigorous processes like any secure software development. It should not be treated any other way.”

Seth Youssef Global Field CTO, Snowflake

Building on Pedersen’s remarks, Snowflake Global Field CTO Seth Youssef commented on the data security implications of AI development and implementation.

“One of the challenges I’m seeing with organizations is that they have thousands of models hanging around,” he said. “There’s no control over them, and there is no lineage; you don’t know what model is trained on which data.”

Often, the desire to experiment with AI outweighs establishing and applying protective data controls. This heightens the risk for sensitive data, as lax standards make for inconsistent and ineffective data security.

To address this issue, Youssef called for teams “to establish proper governance around model deployments and retirement.” This requires applying effective data access controls and security policies to ensure that only the right users are seeing the right data – even if it’s being processed by an AI model. It also necessitates vigilant upkeep of governance measures, including purpose-based access control and continuous security monitoring of the potentially vulnerable data in your ecosystem.

To improve security, Youssef recommended that “when a model is outdated, just get it out, remove it, and remove all the data sets [that were] probably used to train that model.” By constantly refreshing AI training data, you ensure that it is not exposed to potential exposure or leakage.

Karen Meppen on The Importance of Compliant Controls

Being a good custodian of the data in your ecosystem [is when] compliance is the floor, not the ceiling.”

Karen Meppen Director, Client Services, Hakkoda

Expanding on Youssef’s call to remove outdated data sets and AI models, Hakkoda Director of Client Services Karen Meppen highlighted how data retention and deletion are crucial to data security and compliance.

“I think that retention roles in the data life cycle are the ‘sleeper hit’ of managing data as a whole,” shared Meppen, “because the whole point is you really should be focusing on all the data resources within your data ecosystem.”

Meppen stressed the importance of gaining – and maintaining – a holistic view of your data to ensure that it is cycled in and out of your platforms safely. This way, you know that your cloud data management measures cover your entire data ecosystem in a compliant and secure way.

Achieving regulatory compliance in a modern organization, however, requires controls that won’t squander data’s business value. Using dynamic controls, teams can compliantly govern data while still allowing authorized users to derive value from it. According to Meppen, this requires “the agility of…attribute based access control, so that the right people are getting access and doing what they need to do to manage the data and deliver value.”

Fundamentally, your data ecosystem must be compliant before it can be of value to your users. If compliance is sidelined in the pursuit of experimentation or faster time-to-value, it can lead to irresponsible data use that harms your customers, your organization, your budget, and your reputation.

Claude Zwicker on Bridging the Compliance-Engineering Gap

There's this huge gap between legal frameworks and an engineer trying to work with data every day. And I think there's this huge opportunity to provide solutions…to bring these personas closer together and to close that gap through things like automation and security at scale.”

Claude Zwicker Senior Product Manager, Immuta

Where Meppen spoke on the fundamental nature of compliance, Immuta Senior Product Manager Claude Zwicker surfaced a compliance challenge that many modern organizations face: a lack of stakeholder alignment.

With compliance laws and regulations regularly being developed and adjusted, it’s difficult for data teams and stakeholders to comprehensively understand which regulations apply to what resources. This exacerbates workflows for data engineers, who may be required to constantly review their data in order to maintain compliance.

According to Zwicker, automation and scalable data security help to bridge this compliance-engineering gap. Automating processes like data discovery and classification means engineering teams no longer need to manually review and tag their sensitive data to meet compliance requirements. When discovery capabilities are coupled with plain-language access controls, stakeholders gain an even more concrete understanding of the rules that govern their data use.

Applying straightforward processes makes compliance requirements more digestible, helping to foster a security- and privacy-first culture across your organization’s compliance and engineering teams.

“We really want to see those two worlds grow together,” he said. “That’s when I think it becomes really impactful, when we can identify and understand data…and apply policies at scale.”

Taking Action on Top Data Security Trends

While trends will continue to impact the ways in which we use data, a holistic approach to data security and privacy will supplement (or mitigate) their effects. Whether it be meeting the challenges of securing and governing AI data, or helping to maintain compliance in a shifting landscape, keeping data security foundational to your team’s data usage is paramount.

Watch the Exploring Top Data Security Trends for 2024 roundtable discussion in full for more from the four panelists. If you’d like to explore predictions from an even wider range of data-driven experts, read our 2024 Data Security Trendbook today.