Perhaps one of the defining features of today’s AI age isn’t the technology itself but the technology partnerships that drive client business outcomes. The union of IBM and Cognizant is one such example.
IBM is a renowned multinational technology firm, and Cognizant is a specialist in IT consulting that has assisted clients with technology modernisation for three decades.
This partnership between Cognizant and IBM brings together minds with expertise from a century of business, combining them with fresh talent to efficiently address some of the most pressing challenges with even more intelligent technologies.
In our conversation, it becomes clear that Cognizant and IBM’s partnership is one of great intentions, particularly regarding enterprise cybersecurity.
Mr. Pawan Gupta, Senior Director of Global Security Services at Cognizant, and Dr. Sridhar Muppidi, IBM Fellow & CTO of IBM Security, join this conversation to emphasise how their partnership delivers both offensive and defensive capabilities to corporate cybersecurity functions.
Mr. Gupta highlights significant changes in the company’s operational model and collaborative approach.
“We are wholly focused on our service delivery capabilities and are known for it. Our resources are well-trained and tailored to meet the needs of our clients. In the last four or five years, one of the things that has changed at Cognizant is our association with our partners, to be leading along with partners,” says Mr. Gupta. “This partner-based growth is not necessarily for cybersecurity practice, but across Cognizant, and involving everything we do.”
As Mr. Gupta explains, Cognizant’s approach to partnerships has shifted in recent years. “We are now growing along with partners, working with them and provisioning solutions using the products that exist in our partner network. We will continue with that strategy in the future.
“This is one of the reasons why Cognizant and IBM have maintained their partnership for such a long duration. Moving forward, our focus on developing solutions with partners like IBM will be our key strength.”
Leveraging such technologies brings Dr. Muppidi into the conversation, as IBM holds industry-leading expertise in developing solutions. Dr. Muppidi enriches this discussion with his extensive experience with security across multiple disciplines. He has over 25 years of experience in building security products, delivering outcomes for our clients, and leading technical teams. He is an industry-recognised thought leader who develops efficient security capabilities for bleeding-edge technologies. Today, his work at IBM with Security and AI continues to define the cybersecurity strategy in this evolving new industry dimension.
Firstly, Dr. Muppidi shares his view of the threat landscape, which continually evolves with technologies required to keep intruders out. From how attackers launch devastating attacks to how organisations should think proactively versus reactively in their defences, Dr. Muppidi describes his role as an industry catalyst, learning and securing technologies over the last 30 years.
“That's the beautiful thing about cybersecurity for people like me who love to learn,” he says. “The more you learn, you find out how little you know, and the more you continue to learn.”
Mr. Gupta chimes in here, elaborating on Cognizant’s approach to this evolution in the cyber landscape and why the partnership with an industry leader like IBM is crucial to the cause.
This has highly influenced Cognizant's trajectory, which continues to develop further. Indeed, time is a prominent factor in success – organisations need time to adapt or innovate.
Moreover, the team had to deliver solutions for multiple threats and environments to become a holistic cybersecurity provider for its clients.
“We cannot be focused only on one specific area,” says Mr. Gupta. “Our services are comprehensive. We cover identity and access management, which has been gaining a lot of traction in recent years.
“But, one important thing – which a lot of people don't know about Cognizant – is that when the entire world didn't focus on identity security, we started our cybersecurity division with identity security. Cognizant has always been futuristic in its choice!”
Dr. Muppidi also introduces a critical piece to this enterprise cybersecurity conversation – the evergrowing complexities of the threat landscape and how to act on them. Dr. Muppidi helps simplify the requirement as “the ability to predict, prevent, and respond to modern-day threats.”
He continues: “How do we create a good understanding of that entire risk spectrum from the outside-in – from an attacker's perspective? We do this by understanding the attack surface and using machine learning to identify the risk, proactively protect, accurately detect and respond faster.”
The power of Gen AI for cybersecurity
So, how can Gen AI play this role in making cybersecurity programs more efficient and enabling business transformation?
AI has become essential in cybersecurity, assisting short-handed security teams in dealing with many alerts generated from products that don't necessarily talk to each other. Dr. Muppidi says: “Gen AI extends AI’s benefits to alleviate human bottlenecks further and deliver productivity gains. It is a power tool that assists the security team in accomplishing tasks faster. Examples include accelerating investigation with Gen AI-based incident summarisation, Q&A/chatbots and responding faster with Gen AI-based policies and query generation to enable automation.
“Beyond the initial use cases for assisting security teams in reducing toil and acting faster, we see Gen AI playing a significant role in organisations evolving to be more proactive. Gen AI will improve security by finding elusive threats sooner, automating dynamic workflows without human involvement and eliminating high-volume, low-risk incidents so that the security teams can focus on alerts that matter the most.
“Like with any new technology, it’s paramount that we recognise the new security risks Gen AI brings and safeguard its usage,” he adds. “Attackers will target underlying datasets for training and tuning models, model vulnerabilities and supply chain dependencies, workloads and applications.”
Collaboration between tech teams
While we understand the potential impacts of Gen AI on businesses and the threats imposed on them, the partnership of technology providers like IBM and Cognizant ensures the responsible use of Gen AI to enable global enterprises to harness the power of Gen AI to drive security outcomes.
From Mr. Gupta’s perspective, the investments made by IBM prove fundamentally beneficial to Cognizant as it develops its solutions further.
Mr. Gupta highlights some of IBM's critical developments that drive corporate security leadership. “IBM has added several innovations to expand its security product portfolio,” he says. “One was attack-surface management; another was endpoint detection and response, and open threat management platform to automate investigation and response to threats.
“My next approach is to take our SOC, which was SOC 1.0 built on QRadar, and develop it to SOC 2.0, giving rounded and robust XDR services. Because the product has gone from an on-prem solution to a cloud-native solution and is now a one-stop platform, it covers not only the SIEM but also attack surface management, EDR and SOAR services.”
Dr. Muppidi adds: “Cognizant not only deployed IBM products within their organization but also created multiple solutions for our customers.”
Mr. Gupta agrees: “Most of the products in the IBM security portfolio have been used within Cognizant as well as for our customers, and the most important aspect of that relationship is the launch of our Cognizant threat defence platform – the core of which is IBM's QRadar.”
The ethical aspects to consider
Knowing that the IBM-Cognizant partnership is longstanding and will continue to provide differentiated services for years to come, the industry’s next question is robustness and ethics. While many organisations expand into AI, IBM differentiates itself by light years by focusing on Responsible AI.
Gen AI brings multiple risks, and Dr. Muppidi highlights data security and privacy as an example. “Ethics is just one aspect of the risk – there are several other things. We use a simple framework for securing Gen AI to ensure we look at the complete AI solution.”
With this, he explains a rather unusual analogy that outlines accountability and transparency to ensure the right Gen AI for the right purpose. “How do you ensure that it’s accountable and governed? It's very similar to adding the nutritional label on a bag of chips to enable the right snack consumption,” says Dr. Muppidi, whose description of accountability seems to liken itself to transparency.
This accountability allows both IBM and Cognizant to gain a greater understanding of AI’s future, particularly regarding protecting businesses and their assets. Their roles as key leaders of global organisations and subject matter experts in this space allow both Mr. Gupta and Dr. Muppidi to visualise oncoming threats in the future, which – in some cases – may come from unknowing client situations themselves.
“The most important concern from my side is that organisations are rushing to use large language models (LLMs) without having robust data security practices. So, data leakage – data security – is the primary concern across all industries as far as AI is concerned,” says Mr. Gupta.
Dr. Muppidi says: “There is no AI without IA (Information Architecture).
“The secondary concern is the impact on supply chains. There is enormous usage of AI in code development and applications, but no one is in a position right now to say that the code has exposed them to back doors or maybe even malicious content—this could become part of an application and will be shipped across.”
He adds: “While there will be further developments to secure Gen AI, we must recognise the basics as we adopt AI, i.e., a programme for compliance and governance and securing the infrastructure and the applications using Gen AI.”
The two experts' comments make it clear that governments and industries have collaborative roles to play in making Gen AI suitable for everyday use and addressing the risks associated with doing so.
The pair put regulation high on the priority list as more consideration is to be given to the ethical use of AI and, in fact, the safe use of AI.
“With the cloud journey, the industry first adopted the shared responsibility model,” Mr. Gupta explains. “With AI right now, we haven't defined any shared responsibility model, and there are three elements that we currently speak about: the data, the algorithm, and then the application of it.”
With multiple cybersecurity elements and complexities in Gen AI, regulations are vital to ensuring the development of LLMs for high-profile functions. They will also standardise how such technology is used in variable environments.
**************
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
**************
Cyber Magazine is a BizClik brand
