Panel discussion at CES 2024: How Will AI Impact the Jobs of the Future?

Integrating AI and cloud technology is reshaping auditing processes, requiring GRC and cybersecurity professionals to adapt to new tools that centralize risk and compliance activities. This shift improves efficiency and accuracy in audits, allowing for real-time monitoring and streamlined workflows. Companies increasingly use AI-driven solutions to automate routine tasks, such as data analysis and cybersecurity anomaly detection, freeing up professionals to focus on more complex issues. Globally, auditors are expected to implement AI tools for tasks like sampling, risk identification, and data analysis. While this may increase audit efficiencies, audit clients are likely to ask for cost concessions.

While data privacy is becoming more regulated every year, it is still a matter that, today, largely comes down to trust, said Kayne McGladrey, a cybersecurity strategist at Ascent Solutions. As the backlash in the wake of the Cambridge Analytica scandal shows, what people expect from the companies they do business with is just as important as the laws that govern the use of their data.

“Today’s data privacy is primarily concerned with the processing of personal data based on laws, regulations, and social norms,” McGladrey said. “Often this is represented by a consumer ignoring an incomprehensible privacy policy (that would take nearly 20 minutes to read) before clicking a button to acknowledge their consent to that policy. Their acceptance of the policy allows the organization to handle their data in documented ways, such as using it to show them targeted advertising based on their inferred interests. However, if that organization sold those personal data to another organization to do something unexpected (like using it to suppress protected free speech) without the consumer’s consent, that would be a breach of privacy, either by regulatory control or by a violation of social norms.”

“Where cloud analytics shine is in detecting a repeated series of risky actions by an individual user account [that signal] a business email compromise followed by a ransomware attack,” he said. “Cloud analytics allow organizations to detect and prevent these and other attacks not only at scale but also faster than traditional investigative techniques.”

Confidential computing also is an emerging technology meant to protect data in use, said McGladrey of the IEEE.

“Confidential computing can allow the processing of data from multiple parties without sharing the input data with those other parties,” he said. “For example, if an organization wants to perform processing on a large set of healthcare data collected from multiple third-party organizations, properly configured confidential computing potentially permits those third parties to provide their data for processing in aggregate. In this scenario, not even the cloud provider can see the cleartext data provided by the third parties, or the results.”