Cloud Security, Cloud migration, AI/ML
BrandView

Unpack the stack: Understanding modern AI security challenges during cloud migration

Artificial Intelligence, cloud icon, bright blue, tech-themed background, digital circuits, high-tech imagery, data processing, futuristic design, neon lighting, electronic landscape

(Adobe Stock)

Despite record-breaking adoption rates last year, interest in artificial intelligence continues to accelerate. AI is becoming increasingly integrated into core business operations, with many leaders seeking to use AI to completely reimagine current business processes. Today, 72% of companies have integrated AI into at least one business function, and 65% have embraced generative AI specifically.

What’s more, organizations are beginning to develop their own foundational models and AI applications. McKinsey reports that 47% of companies either significantly customized existing models or developed proprietary models last year, with many opting to migrate their AI stack to the cloud for enhanced scalability and security controls. It’s estimated that GenAI is responsible for half of the increase in cloud service revenues in 2024.  

However, in the process of cloud migration, organizations can often overlook critical security components. This article will explore the key security elements that companies should prioritize when migrating their AI stack to the cloud.

AI demands security at every layer of the stack

The AI stack refers to the layers of technology that enable an AI system to work, encompassing everything from the computer chip that performs AI tasks to the application itself. The primary layers include:

  • Application Layer: This is the layer that users see and interact with when using AI, whether the model is delivered as a mobile app or a web-based chatbot. It’s also where application programming interfaces (APIs) connect to the larger AI system to fulfill user requests.
  • Orchestration Layer: This layer manages and automates the deployment, scaling, and execution of AI workloads across the cloud environment.
  • Data Layer: This layer stores, manages, and prepares the vast amounts of structured and unstructured data processed by AI models. To better improve the accuracy and relevancy of AI-generated responses, organizations can use retrieval augmented generation (RAG) to ground commercial models in proprietary data, which typically lives in a storage account. Because AI workloads are so data and compute-intensive, data storage must be secure and scalable enough for the workloads to access, ingest, process, and store data efficiently and effectively.
  • Infrastructure Layer: This layer powers the processing AI systems demand. It includes infrastructure components like virtual machines (VMs), web applications, and containers.

    • Integrating robust security protections within and across each layer of the AI stack forms the foundation for trustworthy AI. However, the data and infrastructure layers are particularly prone to poor integration during cloud migration. Organizations need a vendor that offers both security and cloud capabilities to fill this gap.

    Cloud-native approaches enable multi-layered AI security

    When creating an end-to-end security approach that’s tailored to the demands of modern AI workloads during migration, organizations must incorporate a diverse set of security practices, including vulnerability management, data security, identity and access control, and real-time monitoring and threat detection. These functions must scale to handle the performance demands of AI systems while also meeting the unique security needs of various AI workloads.

    There are two main types of AI workloads that organizations must protect:

    • Data Processing Workloads: AI environments are rich in data, which can create significant database and storage security challenges. Not only do traditional storage protections struggle to handle the sheer amount of data storage that AI requires, but attackers frequently target these data stores with injection and brute force attacks. Threat actors also target cloud storage accounts with malware to compromise valuable data.

      • Security for AI storage, database, and data handling workloads must:

      • Identify and mitigate threats at the file level and identify incidents that target sensitive data specifically.
        • Use intelligence to analyze threats to sensitive data and expedite remediation.
        • Scan stored and newly uploaded data for malware, and quarantine or delete malicious files.
          • Training and Inference Workloads: Securing the servers and VMs that run AI tasks is also critical. Legacy server security solutions often struggle to handle the complexity and demands of AI workloads without degrading performance.

            • To enhance AI security and protect VMs, server security should:

            • Manage risk and adhere to industry standards with comprehensive monitoring and centralized policy enforcement.
              • Minimize posture risks with efficient vulnerability scanning, access control, and privilege management.
              • Detect and respond to attacks in real-time while addressing emerging cloud VM threats to defend at the speed of AI training and inference.

                • A secure AI-driven migration requires a security strategy for every type of AI workload. Using a holistic end-to-end security platform approach and integrating security with your cloud provider increases efficiency. Not only does cloud-native security offer system-wide visibility and centralized tooling that reduces AI security complexity without impacting workload performance; it also streamlines the migration process and reduces siloed management experiences. Further, its integration into each infrastructure layer enables more intelligent and accurate threat detection and response, including attack path analysis and automated response.

                For IT teams struggling to adapt to evolving AI security demands during cloud migrations, visualizing the security needs across multiple layers of the AI stack can help drive clarity. To learn more about how cloud-native approaches can reduce complexity while enabling more sophisticated threat detection and response, visit Microsoft Defender for Cloud | Microsoft Security.

                An In-Depth Guide to Cloud Security

                Get essential knowledge and practical strategies to fortify your cloud security.
                Abhi Singh

                Abhi Singh is a seasoned cybersecurity professional with a wealth of experience in cloud security and compliance. Currently, as a Global Black Belt – Security at Microsoft, Abhi provides strategic guidance to enterprise customers on adopting cutting-edge security solutions like Defender for Cloud. He holds multiple certifications such as AWS SA Professional, AWS Security Specialty, CISSP, CDMP, CISA, CRISC, CISM, and CCSK, Abhi has been a prominent speaker at industry events like AWS Public Sector Summit and AWS ReInvent, sharing insights on ransomware preparedness and API security.

                Related

                Ongoing web skimmer campaign taps deprecated Stripe API

                Nearly 50 online merchants have already been compromised in intrusions exploiting Stripe's legacy application programming interface "api.stripe[.]com/v1/sources" for payment data validation part of an advanced web skimmer campaign that has been underway since August, according to The Hacker News.

                Related Events

                Get daily email updates

                SC Media's daily must-read of the most current and pressing daily news

                By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

                Related Terms

                ARPANETAutonomous SystemCloud ComputingGreynet

                You can skip this ad in 5 seconds