Leveraging AI and automation for enhanced cloud communication security

In this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity.

What emerging threats to cloud communications are you most concerned about, and what new technologies or approaches are you considering to counter these threats?

The modern digital infrastructures that make up many of today’s companies face an alarming amount of potential threats daily, and these threats are becoming increasingly sophisticated, especially in the age of AI.

Companies should implement the appropriate threat detection and counter-fraud safeguards to protect their organization and its users against the constantly evolving threat landscape. Top of mind for me are advanced persistent threats (APTs), where a state or state-sponsored group gains unauthorized access to a network for an extended period without being detected. To combat these threats, organizations must also implement advanced threat detection and response systems that use artificial intelligence (AI) and machine learning (ML) to bolster teams and react swiftly and efficiently.

Many businesses are also leveraging cloud-based unified communications tools to create richer engagements with their customers and meet the customer at their choice of communication channel whether it be voice, video, messaging, or AI enabled chat. Implementing cloud-specific ransomware and fraud protection tools is key to counter threat actors and building and retaining customer trust. Creating secure API gateways that provide additional security layers including authentication, encryption and rate limiting is a good starting point, but teams should also look into incorporating more rigorous security testing and management practices.

Other ways to mitigate these potential threats include embracing a zero trust architecture, where everyone inside and outside of an organization must be verified and authorized to access information.

What role do AI and automation play in cloud communications cybersecurity, and how can these technologies be leveraged to improve security posture?

AI and automation are transforming cloud communications cybersecurity by enhancing threat detection, response times and the overall efficacy and efficiency of security operations. Both technologies play a pivotal role in identifying and mitigating threats in real-time, which is a critical capability given the dynamic nature of cloud environments.

AI-powered systems can quickly analyze massive datasets, often locating patterns and anomalies that signal a cybersecurity threat with more ease than human agents/workers. This capability is necessary for the early detection of sophisticated cyberattacks, like zero-day exploits, which traditional security tools and human experts can easily miss.

AI models also have the benefit of learning from historical data and can continuously improve, becoming more adept at predicting and identifying potential threats. However, organizations must keep in mind that these models are only as good as the data that feeds them, so good data hygiene and practices are important.

Automation is another critical component and complements AI by executing predefined responses to common threats without human intervention, drastically reducing response times. Should AI detect unusual behavior, for example, signaling a potential data breach, automation can immediately isolate impacted systems, apply security patches or even revoke access rights from certain individuals or devices. Cloud based communication and meaningful application of AI together help contain any threats and reduce the overall impact to an organization.

AI and automation also play well together when it comes to managing and enforcing security policies across cloud communications networks by ensuring all data transfers and communications meet strict security standards. That’s extremely important in a zero trust security model, for example, where AI can make real-time decisions on access requests based on behavioral analysis in a way that enhances security but protects the overall user experience.

To improve security posture and foster a proactive security environment, companies should leverage AI and automation for ongoing security monitoring, predictive threat modeling and automated incident response and reports. Any environment should be able to adapt to new threats quickly, reduce human error and free up security teams to focus on larger issues rather than routine, tedious tasks. A cybersecurity strategy that includes AI and automation will help organizations solidify their defense mechanisms and firm up their security posture against a constantly evolving cyber threat landscape.

What critical security criteria and compliance standards must organizations prioritize when selecting cloud communication service providers?

Essential considerations include ensuring strong data encryption practices, using robust access control mechanisms like MFA and role-based access controls (RBAC), and implementing compliance by design to support regulatory requirements like GDPR, PCI, and HIPAA. This compliance is crucial for protecting sensitive information like healthcare information and payment data. Data sovereignty is another important aspect to take into consideration because companies must be aware of where their data is stored and processed to comply with national data residency requirements. Offering clear data localization options will help organizations meet these requirements.

A comprehensive incident response and management framework is also vital when it comes to addressing and mitigating security incidents. There should be transparent procedures for incident reporting, response and recovery. Regular security audits and penetration testing conducted by third parties can help proactively identify and fix any vulnerabilities.

What metrics or KPIs should companies use to measure the effectiveness of their security controls in cloud communications?

Essential metrics include mean time to detect (MTTD), mean time between failures (MTBF), mean time to failure (MTTF) and mean time to repair/recover/respond/resolve (MTTR).

MTTD and MTTR help gauge the speed of a company’s threat detection and response capabilities, and having lower of both indicates effective security controls. Another metric to consider is the rate of false positives, which assesses the accuracy of the current system in place and a lower rate here means that security resources are being used in the right ways and set to focus on real threats.

How significant is the human factor in cloud communications security, and what steps can organizations take to mitigate risks associated with human error or insider threats?

While new technology and automation are great additions to cloud communications security, there is no replacement for humans, who are a critical component of any security team. In essence it is a trifecta of impact use of advanced technologies, mature and disciplined processes, and human expertise that forms a strong and sustainable security foundation.

It should go without saying that comprehensive security training is a must for everyone and it’s worth it to take the time to educate employees on best practices and walk them through examples of different cyberattacks. Organizations can also introduce a principle of least privilege (PoLP), essentially limiting individual access to resources that are strictly needed for a particular function or a task and reducing the likelihood of potential threats. Lastly, creating an environment where everyone feels responsible for the company’s collective security posture is crucial.

What emerging technologies or strategies do you believe will play an essential role in enhancing the security of cloud communications?

AI and ML are transformative and impactful emerging technologies that are advancing at an incredibly rapid pace. Currently, AI and ML are the most helpful in proactively identifying and responding to threats simply by analyzing patterns and predicting potential vulnerabilities.

A broader adoption of zero trust security models will also be important as no entity should be trusted by default. Taking advantage of the emerging tools that allow companies to truly have an “always on” approach to security will be critical in the coming years.