4 Trends That Will Shape AI and Data Security in 2024

Dan Benjamin

2023 was the year everyone started talking about AI. And we do mean everyone: topics which were previously confined to technical brainstorm sessions started popping up in CEO slide decks, then in mainstream media outlets; some of us even found ourselves explaining them to befuddled relatives around the dinner table.

Cybersecurity circles were no exception: Enterprise security teams rushed to wrap their heads around the potential impacts of this new technology, and to determine which guardrails needed to be put in place. 

How will this conversation evolve in the coming year? And which other trends will dominate the conversation in the conferences, Slack channels, and blogs where security folks trade information? Below are the four trends that we believe will define 2024 for data security professionals.

Trend 1: Strategic Focus on AI for Security and Security for AI

Generative AI made plenty of headlines last year. However, production use cases are still few and far between, with data security cited as one of the top concerns hindering further adoption. In 2024, we expect to see enterprise investment in AI go from pilot to live deployment across customer service, marketing, and R&D use cases. From a security perspective, this presents both an opportunity and a challenge.

The opportunity – to make security better with AI: Machine learning has long been part of the security toolset, enabling detection and response capabilities that would be impossible through manual methods alone. Language models show promise for automating threat intelligence gathering, compliance reporting, and other tasks that require human-like processing of textual data. The use of these technologies will accelerate as more mature commercial solutions emerge.

The challenge – to secure AI systems: Enterprises must contend with securing the data used for training and grounding AI, model deployments, and inference data. Many of these attack vectors are completely new, such as data source poisoning and extraction attacks. Other risks are familiar, but now occur at a much larger scale. For example, plans to deploy new AI tools incentivize companies to collect and store any data they can get their hands on - greatly increasing the risks of exfiltration or compliance violations related to sensitive data. Dedicated data and infrastructure protection will need to catch up.

Trend 2: New AI Regulation Will Compound Compliance Challenges 

Security and compliance teams were already stretched in 2023. Maintaining continuous compliance for cloud data has been an uphill battle due to high data volumes, the constant flow of data across complex cloud environments, and the need to adhere to an increasing number of frameworks such as GDPR, SOC 2, and PCI-DSS. The onset of a new wave of AI-related regulation in 2024 and beyond will make things even more complicated. 

The EU AI Act, which is set to come into force in 2025, gives us a glimpse into the regulatory landscape that enterprises will soon be forced to navigate. (If past experience is an indicator, US regulation will not be far behind.) The proposed legislation imposes strict requirements for the use of AI - pertaining to the data used to train or test models, the models themselves, and the specific applications of AI across different domains. Penalties for non-compliance are harsh, including fines of up to €35 million or up to 7% of a company’s annual turnover (over 50% higher than GDPR).

We expect that enterprises will expend significant effort in 2024 to understand the implications of new regulations and enact effective compliance policies. In addition to technology solutions for problems like data classification and AI model monitoring, answering this challenge will require close collaboration between compliance, security, data, and engineering teams.

Trend 3: From DSPM to Data Security 

Data security posture management (DSPM) emerged in force around two years ago, when a host of new startups entered the scene. Dig Security, recently acquired by Palo Alto Networks, rode the crest of this wave. The technology promised to fill the gaps left by legacy data loss prevention (DLP) and cloud security posture management (CSPM) tools when it came to discovering, classifying, and monitoring sensitive data in cloud data stores.

In 2023, the lines between DSPM and broader data security categories began to blur. By the end of last year, almost no company would define itself exclusively as a DSPM provider. The category leaders incorporated additional capabilities such as data detection and response (DDR) and malware detection to offer more comprehensive data security capabilities. At the same time, incumbent DLP and CSPM players have raced to augment their offerings with DSPM-like features - albeit these did not necessarily deliver the same functionality.

We expect this convergence to continue through 2024, as context-aware data protection becomes fully embedded into larger data security suites. With data embedded across so many technical and business domains, enterprises are realizing that preventing data breaches and compliance violations requires a holistic effort, spanning a wide range of capabilities that must apply regardless of where the data is stored. Standalone DSPM becomes harder to justify.

This is part of a broader trend, namely: 

Trend 4: Increased Consolidation in the Cloud Security Space 

Organizations are growing tired of buying dozens of security tools to tackle incremental challenges in the same domain. The splurge on new software in the years leading up to 2022 has created massively complex environments that are difficult to manage. Licensing costs add up, integrating alerts across tools is messy, and policies are defined across disjointed tools and often poorly synced. 

At the same time, security teams, data teams and compliance groups find themselves solving overlapping problems around data discovery, classification, access controls, monitoring, and reporting. Rather than have each team use their own niche tools, enterprises are looking to standardize on “big tent” platforms to align efforts and policies.

Demand for vertical integration will inevitably lead to consolidation on the vendor side. Point solutions will fade as clients gravitate towards providers who offer integrated detection, protection and response across their entire data and application estate. We already saw a spate of acquisitions in the tail end of 2023 (including Dig Security’s acquisition by Palo Alto); in 2024, we expect market forces to pull further in the same direction.

Much Work to Do… but Plenty to Look Forward To

Is there cause for optimism? 2023 has given security professionals many causes for concern. The pace of change means there’s a lot of catching up to do, and budgets have not increased in proportion with the increasing workload. But there’s a lot to look forward to as well.

While AI deployment creates significant overhead in the short term, in the long term it has the potential to automate a lot of enterprise busywork - including in cybersecurity. This will help address the longstanding issue of burnout in the industry, and improve the overall results businesses see from their security investments.

With data and AI topping every list of mission-critical priorities, the role of data security has never been more crucial. By providing the necessary guardrails, data security teams can give enterprise leaders the confidence to innovate - and play a major role in what might be a defining moment for the future of technology. Exciting times ahead!
