'Secure by design' makes waves at RSA Conference 2024

Secure by design refers to the principle that software should be developed with security in mind through established development frameworks and best practices.
Though the concept is far from new, the approach has been featured in several prominent contexts at RSA Conference 2024.
After disclosing another breach in January involving Russian nation-state actor Midnight Blizzard and a scathing Cyber Safety Review Board report published last month, Microsoft expanded the initiative.
In a blog post on Friday, Microsoft Security executive vice president Charlie Bell laid out three principles: secure by design, secure by default and secure operations.
Due to the rapid adoption of GenAI, organizations are at risk of data exposure or theft, model poisoning, or attacks stemming from misconfigurations.
Both public and private sector organizations have emphasized the need to prioritize security in AI at the ground level.
A joint IBM and Amazon Web Services study published on Monday claimed that while 82% of surveyed C-suite executives said trustworthy and secure AI was essential, only 24% had included security as a component of their GenAI-related projects.
Separately, IBM published a framework dedicated to secure GenAI development.
Ryan Dougherty, program director for emerging security technology at IBM Security, said integrating security into AI from the start was key.
Dr. Sarah Bird, chief product officer of responsible AI at Microsoft, said the most effective use cases for securing AI at the development level involve implementing security at a slow and steady pace while applying individual models for narrower, focused use cases rather than having a single AI model that tries to do everything.
CISA has also promoted secure by design principles at the conference.
On Wednesday, CISA announced that 68 organizations committed to the cyber agency's Secure by Design pledge.
By making the pledge, software makers promised to make measurable progress in applying secure by design principles to their organization and publicly document how they achieved it within one year.
The pledge adds to the emphasis CISA has placed on secure by design since it launched an initiative dedicated to the principle last year.
One of the 68 organizations is Ivanti, which has come under fire in recent months amid a string of zero-day vulnerabilities that were exploited in high-profile attacks.
Asked why the security industry is emphasizing secure by design now, Wales offered a different question.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.


This Cyber News was published on www.techtarget.com. Publication date: Thu, 09 May 2024 15:43:06 +0000

