AI has been one of the biggest technological developments of the last decade. Cloud security is another growing concern as so many people and businesses move their assets onto digital storage platforms. Both come with increased security concerns, but what happens when you combine the two? On Episode 41 of The Cyber Security Matters Podcast we spoke with Raf Chiodo and Shai Alon, the Chief Revenue Officer and Director of AI Innovation at Orca Security, about their experience of blending AI and cloud security to create innovative new cyber security solutions. Here are their insights: 

The cloud security space is both innovative and hugely competitive. How does Orca Security distinguish itself from some of the other players in the field?

Raf: “First and foremost, we’ve got to make cloud security easy. We’re coming from the days where every little niche and security had a different tool, and the complexity was really overwhelming. We’re taking a holistic view and helping our customers really focus on what matters most. Secondly, the platform has to help stakeholders communicate across teams and make their security tools generate alerts. It’s got to be a great platform to help teams communicate, whether you’re in security or DevOps and engineering or compliance, it’s got to be something that helps facilitate that communication. Our vision and our approach is to help drive more security earlier into the development lifecycle because that creates such strong results. Finally, we’re building partnerships and integrations that really matter, helping customers take this platform approach, and integrating it with other tools that they’re already using, so that they collectively get a better outcome.”

How do you see AI integrating with cloud security?

Shai: “The capabilities brought about by the modern AI are profound. There’s an endless selection of opportunities to create and unlock new value – and specifically in cybersecurity, we found it very useful for enhancing our product and improving the user experience. One of the standout features we developed allows natural language search across the Orca data model by integrating AI. Orca goes and scans all these cloud environments and finds thousands, sometimes millions, of different things. They are often a bit cumbersome to navigate. So we created an AI that lets our customers search using their own words instead of traditional UI filters, and it’s something they really love. It’s been especially popular with non-native speakers who prefer searching in their native language, which is a testament to the accessibility that AI can provide. We’ve been working on dozens of user experience enhancements for the product. Each one unlocks new personas that can use the product because it’s much easier. 

Another interesting avenue that we took is optimizing the workflow of our security researchers. We have dozens of security researchers at Orca who are the ones behind the scenes, creating all the configurations for how you map out the cloud, how you create alerts, how you prioritize these alerts, how you remediate them, etc. It’s a lot of work. Unlike developers that have coding assistance, like GitHub or CoPilot, our cloud researchers have a dynamic field where they are able to create AI that helps them streamline their processes. It can do the tasks that require expertise, but it mainly helps with mundane tasks. For example, our AI helps with creating metadata, so writing descriptions for cloud entities, or documenting alerts with their remediation steps. This doesn’t replace our researchers, it serves as a force multiplier, boosting their productivity and allowing them to accomplish much more.”

What change have you seen in the appetite for customers using AI or learning how AI can influence and impact their cloud security solutions?

Raf: “AI discovery and natural language applications are very natural extensions for customers to expect in their environment. What they love and are surprised about our use of AI to create remediation steps. The overhanging issue in our industry is the skills gap, right? There are so many unfilled jobs of increasing complexity, so any tool that can be used as a force multiplier to boost productivity is greatly welcomed. On the other side though, there’s a lot of concern. We’re starting to see customers require not just a standard master services agreement in terms of service documents, but data security agreements that incorporate AI, as well, covering what data is feeding the models, where the data goes, who owns the data, what the risks are, etc? AI is adding a new complexity that customers are clearly concerned about.”

Where would you hope the cloud security space develops over the next 10 years? 

Shai: “It is a long horizon, but I am looking forward to seeing products that can take action on your behalf. Today, as an industry, we started by just being able to map out what exists and where the risks are, and we’ve transitioned to integrating all your tools to helping you solve problems. I would like to see a future where the products solve the easier problems themselves, and don’t even involve human beings, leaving us to solve the most challenging and influential parts of security.”

To find out more about the relationship between AI and cloud security, tune into Episode 41 of The Cyber Security Matters Podcast here. 

We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.