The expansion of artificial intelligence (AI) and machine learning (ML) applications is spreading in data centers faster than cat memes on Instagram, finding their way into everything from corporate firewalls for threat hunting to energy management and physical security to incident response. During the next five years, 20% of Ethernet switch ports will be to AI-based servers, according to new research from Dell'Oro Group.
So how pervasive will AI be, and will it be a real sea change for chief information security officers (CISOs) and security teams? The answer is a definitive: It depends.
The move to AI-enabled devices already started, according to the 2023 State of the Data Center report from CoreSite, but their value and capabilities to data center management still need to be proven and the bugs ironed out, despite the heavy marketing campaigns from vendors and pop culture references.
Despite the hype, AI is still in its nascent stages as vendors and users alike try to determine the most productive, efficient, and cost-effective ways to employ the technology, noted Pete Hoff, CISO and global vice president of security and managed services at the consulting firm Wursta.
Hoff, who spent almost 20 years in data loss prevention, recommends that before an organization starts investing in AI, it should ensure it has accurate, working data models. Next, he recommends having appropriate development parameters around building your models and how you conduct your analysis. "You're not going to get good outcomes unless you have a plan, and you need a clear plan for what you think you need," he said. "Asking the right questions is half the battle."
Clearly Identify and Define Expected Outcomes
Hoff recommends identifying expected outcomes and defining what those need to be. This would include outcomes concerning data storage and lifecycle management of the data. Without having expectations on the results and understanding clearly the input, one cannot judge the efficacy of the output.
Some potential cybersecurity threat could fall through the cracks if definitions are incomplete and outputs clearly defined, he noted.
"Imagine monitoring all of the wave, radio wave, communications, microwave — every little bit of communications that might come into that data center and understanding what the threats might be either on person or technology that people might bring in," he said. "Most data centers nowadays don't allow you to bring cell phones and other devices. I would venture to say that I can probably install hardware in my rack that allows me to sniff everybody else. I can remote into my own devices and utilize the technology to do anything I want, within the radius of its capabilities."
Many security professionals still have misconceptions about what AI can do and how much it costs. While some CISOs and corporate executives have expectations of AI being potentially a game-changer to reduce corporate costs and expenditures by replacing staff, these are unlikely expectations, according to Mauricio Sanchez, senior director of market research at Dell'Oro Group.
For the foreseeable future, human analysts will still review and confirm important decisions made by AI, Hoff said. While AI can replace some mundane parts of jobs, such as data collection, "somebody has to look at this data and determine whether or not the AI is making the right choices," he said. "I think that's going to be around for a while; we're not going to trust the machines for quite a while."
Do Your Homework Before Investing in AI
Potential users are still in the analysis phase trying to determine if the technology is functional and beneficial as a first-generation offering or if they should wait until vendors get the bugs out and improve the capabilities, Sanchez said. He advises CISOs to do that analysis to determine if the AI technology can improve security operations center (SOC) capabilities, reduce risk, and have a positive return on investment. Buying a technology based on faith alone is a losing proposition.
Sameh Boujelbene, a vice president who leads the enterprise market research programs at Dell'Oro Group, said most AI features today are offered on a subscription basis, meaning you buy a multiyear license to ensure you receive the performance or other value you expected. Should the buyer not know how to take advantage of the service or the service not meet their expectations, valid or otherwise, the client likely would not be renewing the subscription.
"That's why a lot of the vendors are now trying to push for not just subscription, but adoption," she said. "There is a real awareness from vendors that the salesperson's job is not just to sell a subscription — the salesperson is to sell a subscription and make sure the customer is using it."
Sanchez added, "This is the classic technology curve, adoption curve that there's overinflated expectations and people are tripping up themselves on whether it's sensibly or generation-one solutions." When there are new technologies or shifts in technology adoption and vendors do not get it right in the first generation, it can require several more efforts before companies come back to that technology, he noted.
"The potential impact of AI on managing the data center itself goes beyond operational efficiencies," said Ani Chaudhuri, CEO at Dasera, a cloud-based data security platform that automates data security and governance controls. "AI can enable intelligent workload orchestration, dynamically allocating resources based on real-time demand and optimizing performance," he said. Automation, Chaudhuri noted, can lead to improved scalability, faster response times, and cost optimization, as AI systems continuously learn and adapt to evolving workloads and changing conditions.
However, there can be unintended consequences when integrating AI into data center management. "AI systems are only as reliable as the data they are trained on, and biases or inaccuracies in the training data can lead to flawed decision-making," Chaudhuri said. "There is also the risk of over-reliance on AI systems, where human oversight and critical thinking may be diminished. Data centers must balance leveraging AI capabilities and maintaining human expertise to ensure a holistic approach to managing and securing the data center."