1

LEADERSHIP PERSPECTIVE

MLMachine Learning: Key Adoption Cybersecurity Considerations

2 3

Machine learning (ML) is an application of Artificial Intelligence (AI) that uses algorithms to observe and analyze data for the purpose of extracting knowledge or patterns. An ML system can build its own logic and solve problems without explicit programming, although it is designed to simulate human learning. In theory, ML accelerates or enhances repetitive tasks such as reviewing logs, generating SIEM reports and applying patches.

An ML design uses one or a combination of the following approaches to produce outcomes that are entirely dependent on the data inputs and training methods:

Supervised learning ML learns rules for correlating paired inputs and outputs for prediction purposes. Correct answers are known, and ML learns from “labeled” data. A variation on this approach is semi-supervised learning, which involves partially labeled data and human help with labeling and/or adding labeled data into the mix.

Unsupervised learning ML models the structure or distribution of data to provide insights into the data. The algorithms work on their own to present outcomes. Correct answers are not known ahead of time.

Reinforcement learning ML learns through feedback (a reward signal) and experience.

ML is used in many industries, and some of the more prominent uses include internet search, customer experience, mail management, financial planning, fraud, predictive equipment maintenance, supply chain management, transportation routing, cybersecurity and healthcare diagnostics.

Basics and background

4 5

An O’Reilly Media study reports that

McKinsey estimates that total annual external investment in AI in 2016 was between

with machine learning attracting nearly

of that investment.2

$8B to $12B

of organizations are exploring or looking into deploying ML

38% claim to be early adopters

15% say they are sophisticated users.1

49%

60%

Expect the adoption rate to accelerate, in part due to the expanding ML capabilities of public cloud providers. They tout their tools and ease of deployment. Additionally, open-source tools, open-source platforms and analytics applications lower the cost of entry.

As a result of applying ML, businesses report outcomes that include faster task completion, better decision-making supported by enhanced data analytics and greater flexibility to allocate human resources. A Deloitte survey reports that 83% of respondents’ companies have achieved moderate or substantial benefits.3

The ML gold rush is on

6 7

Navigating the road to successML outcomes can enable differentiation, increase efficiency and enhance customer satisfaction. Capturing these benefits, however, requires business leaders to choose the specific strategies and designs for their ML projects. Areas to consider are:

TalentML projects involve a core team of data scientists, ML architects, MLOps engineers, domain experts and others who together can work with advanced analytics and deploy ML into business products and processes. Team members must understand the relevant technologies and build accurate, well-defined use cases. Enterprise leaders must assess skills and roles and make investment decisions based on clear objectives.

Computing power, scalability and riskBusinesses pursue ML in-house, in collaboration with a cloud service provider or by taking a hybrid approach. In-house endeavors can be capital intensive but enable tight control. An OpEx approach via cloud providers lowers impact on a business and offers on-demand scalability. And this route creates a shared risk model that can be tricky for regulatory compliance. Not all cloud services are compliant with the Health Insurance Portability and Accountability Act (HIPAA), for example. At a minimum, cloud providers should be able to produce certifications, test results, third-party evaluations or other credentials to address risk management.

Legal and compliance considerationsRegulations pertaining to AI and ML are not clear. They may evolve rapidly but continue to lag technology deployment. Business leaders should anticipate changing laws, policies and practices related to intellectual property, marketing, compliance and other areas touched by ML. A top priority is understanding the impacts of ML on employees and data privacy.

Tolerance for the black box nature of ML and lack of transparency An ML system is a black box if users can’t see behind the covers to understand, for example, how the data selection criteria or inputs modify the system. Blind faith is risky and unnecessary. Contain risk by mak-ing sure those directly involved with ML understand fundamentals such as data classification, clustering and algorithms. The growing availability of open solutions and extensible analytics platforms makes it easier to avoid black box scenarios.

Development of an ML lifecycle In addition to use cases, an ML life cycle includes methodologies, evaluation methods, metrics in the form of KPIs, ROI and governance. An enterprise’s ML maturity and goals will determine whether it makes sense to develop the life cycle internally or bring in consultants.

Data integration strategyML cannot work without qualified, relevant data. Each ML project requires adequate amounts and types of data and close management of data sources, quality, security and uses in different, dynamic contexts.

8 9

Security deserves special scrutiny

Data privacy and data sharing aligned with regulations such as General Data Protection Regulation (GDPR) and HIPAA Until regulations specific to ML are better defined, the recommended course is to protect data outputs from ML as if they are actual data from users.

Malicious attacksJust as enterprises increasingly use ML, so do the bad guys. A robust defense should anticipate certain attack types:

• Spoofing, which can provide false data inputs• Data poisoning, which contaminates ML training data • Feeding data that leads to learning incorrect behavior—a higher risk

for ML systems that interact with external systems • Fooling image recognition systems so they mis-identify objects by

means of camouflage, decoy objects or other subterfuges

Insider attacksWhether intentional or unintentional, insider attacks can be thwarted with controls such as authentication, unique IDs and privileged access management. The important thing is to focus on what needs protection, regardless of the source of the attack.

Data mapping, classification and protectionA security priority is knowing what types of data exist and where data flows or rests and how and when it is accessed. Companies in heavily regulated industries such as healthcare and finance are the furthest along with mapping and classification. Some companies focus first on fundamentals like encryption and role-based access controls, and then turn to data classification, but perhaps with a limited focus on highly sensitive data. Comprehensive classification simplifies data protection throughout an organization.

Every new technology requires thorough vetting to identify the security implications. ML may call for special scrutiny to determine security updates or changes appropriate for technology that not only expands the attack surface but also is used defensively in threat prediction, detection of indicators of compromise and attack prevention. Top security considerations for ML include data privacy, data mapping and attack countermeasures.

10 11

“ Machine learning is not a magic bullet. You can’t take what you have and run it through the ‘ML box’ to increase profitability, accuracy or efficiency. Look for technologies that are extensible and allow you to build custom models using standard or low-friction mechanisms. Create a strong ML team that can drive direction, functionality and goals based on understanding the technologies and implications.” Greg Baker Global VP/GM, Cyber Digital Transformation

Optiv

1. O’Rielly, The State of Machine Learning Adoption in the Enterprise, 2018.2. McKinsey Global Institute, Artificial Intelligence The Next Digital Frontier?, June 2017. 3. Deloitte, Bullish on the business value of cognitive, The 2017 Deloitte State of Cognitive Survey.

Accelerating ML innovation ML is not in itself a complete solution. A skilled team needs to direct and support enterprise-specific ML initiatives that focus on well- defined use cases whose objectives are to increase accuracy, improve efficiency or enable new capabilities. Priorities are extensibility, standardization and low friction.

The lower the barriers to adoption, the easier it is to get ML projects launched. One way to do this is by taking advantage of current investments. Spark, which can be deployed on Hadoop, offers ML libraries, APIs and a developer support community. Other technologies allow users to create ML models using Simplified Markup Language to expedite startup. The ML team can determine how to proceed after examining current capabilities and identifying gaps.

Best practices include:

1. Assess your current security strategy and solution to determine how to leverage what’s already in place and apply security controls to ML versus buying new, possibly unnecessary assets. Understand how to build processes for new attack vectors.

2. Build security into every ML project from the beginning to cover end-to-end ML systems and connection points.

3. Devise a rigorous ML vendor evaluation process that addresses short- and long-term cost, performance and maintenance in dynamic environments.

4. Create a comprehensive development and testing process to evaluate the robustness of new ML systems to withstand adversarial attacks. Use attack-and-test tools—some development and testing toolkits exist on GitHub—to better score, understand and build in robustness.

5. Develop a formal program to attract and/or develop ML talent based on a thorough assessment of needed roles and skills.

6. Designate a leader like a CIO or CISO to set and manage employee expectations.

2.19 | F.1

Optiv Global Headquarters1144 15th Street, Suite 2900Denver, CO 80202

800.574.0896 | optiv.com

Optiv is a market-leading provider of end-to-end cybersecurity solutions. We help clients plan, build and run successful cybersecurity programs that achieve business objectives through our depth and breadth of cybersecurity offerings, extensive capabilities and proven expertise in cybersecurity strategy, managed security services, incident response, risk and compliance, security consulting, training and support, integration and architecture services, and security technology. Optiv maintains premium partnerships with more than 350 of the leading security technology manufacturers. For more information, visit www.optiv.com or follow us at www.twitter.com/optiv, www.facebook.com/optivincand www.linkedin.com/company/optiv-inc.

©2019 Optiv Security Inc. All Rights Reserved.

To start preparing for ML and other enablers of digital transformation,

visit www.optiv.com/CDX