February 27th, 2018
Ed Snodgrass, CISO, Secure Digital Solutions
Artificial Intelligence and machine learning are exciting capabilities that will undoubtedly impact the cybersecurity industry. The potential benefits are staggering. Intelligent machines could implement algorithms to identify cyber threats in real-time and provide an instantaneous response. So-called Software Designed Secure Networks (SDSN), for instance, are already exploring elements of this functionality, showing promising increased efficiency of security teams. It makes sense for organizations to explore ways to benefit from this technology too because cybercriminals will deploy the same functionality, furthering the cyber arms race. Unfortunately, it’s not plug-and-play. There are significant, and obvious, questions an organization looking to leverage machine learning must answer.
- Do we have the staffing and skillset in-house?
- How will AI integrate with and augment our current technology stack?
- How will we manage the data?
There are many more, but there’s also a significant question that may not be as obvious. Can our processes support such advanced analytical capabilities?
A recent Gartner survey evaluated 196 organizations and found that most companies aren’t currently mature enough to be able to leverage the functionality of AI. One of the authors of the survey, Jim Hare said the following: “Fundamentally machine learning is built on not only having the right skills, but the right processes, and the right data in place to be able to feed these machine learning models.” This is a key observation and one that must be considered if machine learning is to help security teams mitigate risk. At its core, the Gartner survey overlays the maturity of the organizations assessed using its Maturity Model for Data and Analytics – a 5-tier scale similar to the CMMIodel – with level 1 being basic and level 5 considered transformational. According to the survey data, 48 percent of organizations in Asia Pacific (APAC) reported their data and analytics maturity to be in the top two levels. This compares to 44 percent in North America and just 30 percent in Europe, the Middle East, and Africa (EMEA). Most respondents worldwide assessed themselves at level three (34 percent) or level four (31 percent). Twenty-one percent of respondents were at level two, and 5 percent at the basic level, level one. Only 9 percent of organizations surveyed reported themselves at the highest level, level five, where the biggest transformational benefits lie.
What’s all that data for?
Interestingly enough, improving process efficiency was the most common business problem that organizations sought to address with data and analytics, with 54 percent of respondents worldwide listing it among their top three problems. Enhancing customer experience and development of new products were the joint second most common uses, with 31 percent of respondents listing each issue. The survey also revealed that, despite a lot of attention around advanced forms of analytics, 64 percent of organizations still consider enterprise reporting and dashboards their most business-critical applications for data and analytics. In the same manner, traditional data sources such as transactional data and logs also continue to dominate, although 46 percent of organizations now report using external data.
How then, does an organization begin assessing its maturity and readiness to utilize machine learning? A good place to start is to evaluate the processes upon which the technological capabilities offered through AI will depend. For example, if data management and reporting is still done in silos using spreadsheets, chances are that model will quickly become overloaded and cumbersome. Those processes will need to be matured to a point that the vast amount of new analytical information can be quickly and efficiently gathered, assimilated and communicated so that decisions can be made as quickly as possible to mitigate risks.