Data Security Working Group Meeting - 3/14/24
Meeting Summary
The team emphasized the significance of trust in governmental institutions and upcoming events, and also touched on data security and a survey related to financial services. They then moved on to discuss the data resiliency project, refining questions and answers related to a Csa template and the Life Cycle paper. The team also made progress on a project aimed at answering client and regulatory questions. They considered the establishment of a data security group for AI with the goal of publishing a paper on data security in AI. The team also discussed the potential use of AI for data loss prevention functions and the evolving paradigms in data protection. They acknowledged the increasing use of AI in healthcare and other industries, and the challenges and concerns related to AI.
Topics & Highlights
Government Trust, Data Security, and Lifecycle Paper
Alex discussed a range of topics including the importance of trust in governmental institutions, upcoming events, and the Rsa. He also mentioned the Zero Trust working group and their latest publications. The conversation then shifted to data security and a survey and report related to financial services. Alex expressed hope that announcing the survey and report would draw attention and curiosity. He also discussed a meeting with Csa staff to discuss further. Alex then discussed the process of refining questions and answers related to a CSA template and the Life Cycle paper. He mentioned that some questions have been removed or marked as redundant after suggestions from the team. Alex also highlighted the importance of focusing on the data resiliency topic and mentioned that the recovery aspect had several unnecessary questions. He concluded that these discussions and reviews are helping to streamline the content, and there will be meeting notes available for future reference. Alex also discussed the progress of a project involving answering client and regulatory questions and mentioned that once the document was more complete, it would be submitted as a survey for further review and analysis. He appreciated the feedback received and mentioned that there would be another review session in a few weeks. Alex also discussed the status of a data security lifecycle paper and mentioned that he might have more to share in the next meeting. The next meeting was scheduled in two weeks.
Data Security and Resiliency Project Progress
Onyeka raised concerns about the progress of the data security working group's tasks, questioning if they were still working towards the set deadlines. Alex reassured him that the deadlines were flexible and the focus had shifted to the Data Resiliency project. They discussed the number of questions in their survey, with Alex mentioning they had reduced redundant ones and were close to finalizing the draft. Rocco suggested conducting a survey in a test environment and sharing the final draft with more people for feedback. Alex agreed to share the final draft in the next meeting.
Data Security Group for AI: Publication and Progress
The team discussed the idea of starting a data security group for AI. The group decided to create a publication of some kind, likely a paper, to address data security in AI. They also agreed to start the initial progress on this project, with the aim of having it completed by Q2 2024. The team further decided to use this opportunity to share information and build on existing knowledge.
AI and Data Security: Compliance and Governance
Alex and Rocco had a conversation about AI and data security, with both identifying their roles in the compliance and governance aspects of AI, especially in the context of data security. They discussed the potential use of AI for data loss prevention functions and considered the data security working group's perspective on AI projects using Github. They also highlighted the evolving paradigms in data protection, with a shift from border protection to a data-centered approach, and the significance of vulnerability research and analysis from a data perspective.
Hugging Face and AI Auditing Discussion
The team discussed various AI tools and frameworks, focusing on Hugging Face. Rocco explained that Hugging Face is a Python-based framework for building and testing Language Learning Models (LLMs), highlighting its popularity but also raising concerns about its reliability. Alex showed interest in further exploration of Hugging Face. Additionally, Rocco and Alex discussed the use of AI in auditing, noting its potential benefits and challenges, such as the need for human oversight due to regulatory considerations and potential bias. No clear decisions or next steps were made.
AI Security Document Ideas
Alex started a discussion about collecting ideas for a document. Rocco suggested that the title of their group wasn't accurately reflecting their focus on data security in AI environments. Alex agreed to make the title more accurate. Onyeka added that their concern was data security, regardless of the specific AI application. The team decided to make their focus AI agnostic, meaning their concern applies to any AI environment.
AI in Healthcare: Challenges and Opportunities
Alex and Rocco discussed the increasing use of AI in healthcare and other industries. They also talked about the challenges and concerns related to AI, such as data breaches and vendor management. Rocco shared his experiences with vendors inquiring about their AI usage and the industry's shift towards more detailed vendor risk assessments. They also touched on the ongoing efforts to encrypt data and implement zero trust frameworks. Rocco emphasized the need for companies to prepare for these changes, including budgeting, staffing, and deploying new technology.
------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------