June 7, 2019 By Bill Bonney 4 min read

I remember learning early in my career to be kind to administrative assistants because, besides being hard-working and underappreciated, they were also the ones who controlled access to the executives’ calendars, many critical office functions and, equally important, the 3 p.m. secret sugar stash.

In the near future, we’re going to see the role of office power broker shift from an administrative assistant to a virtual assistant such as Siri or Cortana, which will both assist workers with managing their lives and help them interface with enterprise artificial intelligence (AI)-driven business processes. I see this AI cooperation expanding from scheduling and office functions initially to include decision support systems, customer and workforce interaction and, eventually, nearly all work activities.

With nearly 100 percent penetration in the enterprise and computing power available in a hand-held package that is now rivaling and even surpassing the typical desktop computer, the smartphone looks to be the platform of choice. As this takes hold, chief information security officers (CISOs) will experience the déjà vu of yet another security challenge that requires a delicate balance between workforce productivity, user expectations, and security and privacy.

IBM’s announcement in March 2018 of the availability of Watson Services for Apple Core ML provided a glimpse of the potential synergies between artificial intelligence targeted at legacy business processes and artificial intelligence aimed at the consumer. Watson provides the highly regarded Visual Recognition Service integrated with Apple’s Core ML, which delivers local — and therefore extremely low latency and highly autonomous — core machine learning algorithms for analysis.

Expectations for Virtual Assistants Continue to Rise

Meanwhile, the workforce is acclimating to the capabilities that a virtual assistant provides and increasingly turning to shortcuts to simplify their lives. Shortcuts allow smartphone and smart speaker users to set up simple voice cues to execute commands on the device and even chain together multiple commands spanning multiple apps. Users are getting accustomed to controlling their environments — from their home to their car and their personal space — with voice commands.

They are also adapting to several new paradigms, including robust home automation, mobile platforms such as automobiles and, with the improving capabilities of ride-hailing services, transportation systems in general. With the imminent build out of 5G capabilities, the expectation of an always-on, always-in-control experience will quickly be extended well beyond the home and office.

Along with the smartphone’s penetration into business processes will come a desire to leverage the phone for identity management functions, complimenting the integration with the office suite and business processes. At the same time, individuals will seek to extend the voice control they enjoy with their personal technology experience to their office experience. The opportunity to leverage this capability and familiarity will likely have a shadow — namely, the temptation to make the barrier between personal and enterprise functions on the phone more permeable over time. I believe this will be driven by both the enterprise, to make the smartphone/human combination more autonomous, and by the worker, who will demand seamless functionality.

It’s tempting to ask, “Why isn’t this just another setting for a mobile device management (MDM) system?” But that’s like reducing the cloud to just a virtual data center. Cloud computing and on-demand computing capacity is a paradigm shift we’re still learning to exploit fully. Moreover, I believe the enterprise’s embrace of the cloud and our overly restrictive, often obstructive, approach to dealing with the security implications of cloud computing have helped to slow the CISO’s acceptance into the C-suite.

Winning With Trust and Security

A 2019 report from the IBM Institute for Business Value (IBV), “The Cognitive Enterprise: Reinventing your company with AI,” outlined seven keys to success, suggesting that “a new era of business reinvention is dawning.” Of the seven keys, number four (reinvent company workflows around AI) and number seven (win with trust and security) speak directly to our discussion here. I believe the integration of personal and enterprise AI via the smartphone is going to be an increasingly critical aspect of this reinvention.

This brings us to our opportunity as CISOs. We have all experienced first-hand the challenges of new technology trends that came with enormous security implications. Among these, of course, were both cloud computing and bring-your-own-device (BYOD). In both of these cases, we’ve had to pivot from protecting the enterprise from itself as it dove headlong into these trends, seemingly without consideration for the security implications, to helping the enterprise maximize its investment.

After our initial futile demand that the enterprise abandon cloud initiatives and use only approved secure mobile devices, we had a lot of ground to make up. For cloud deployments, we eventually adopted alternative ways of thinking, such as integrating into the development and deployment process by joining DevOps teams. We have the opportunity to get ahead of the curve this time and help lead the enterprise in a new direction.

What should the CISO do to help usher in this new era of reinvention? Some experts suggest that the CISO will play a key role in enabling the cognitive enterprise. I see the potential risks exposed during the reinvention process as possibly higher than both cloud computing and the introduction of personal devices in the enterprise. I also see the potential rewards as far more significant than either. I think the CISO will be critical, and organizations will need to shift their focus from working with CISOs they view as good risk managers to working with those they see as comfortable leading through risk versus merely managing risk.

The CISO’s Changing Role in the Cognitive Enterprise

Going back to the IBM IBV report, the third key (architect your business for change) taken with the sixth key (reinvent your workforce to ignite talent) gives us vital clues to our changing role. The commonality between the integration of the virtual assistant and enterprise artificial intelligence and the progression to a cognitive enterprise is the flow and use of data.

Personal data, customer data, enterprise data and intellectual property will need to coexist safely and with high trust. The CISO needs to play a leadership role in understanding how all of this data should coexist and how maximum utility can coexist with high trust. In this new era of reinvention, the CISO will be positioned to replace the chief information officer (CIO) as the central technology executive in the cognitive enterprise.

As we evolve the relationship between virtual assistants and humans and between one virtual assistant working with another virtual assistant, I’m hopeful that we’ll have both principles and policy-driven rule sets that will allow for substantial flexibility — yet safeguard corporate assets and ensure data privacy. I just hope for our collective waistlines that we aren’t so quick to pry loose the mid-afternoon sugar stash.

More from Artificial Intelligence

How I got started: AI security researcher

4 min read - For the enterprise, there’s no escape from deploying AI in some form. Careers focused on AI are proliferating, but one you may not be familiar with is AI security researcher. These AI specialists are cybersecurity professionals who focus on the unique vulnerabilities and threats that arise from the use of AI and machine learning (ML) systems. Their responsibilities vary, but key roles include identifying and analyzing potential security flaws in AI models and developing and testing methods malicious actors could…

How a new wave of deepfake-driven cyber crime targets businesses

5 min read - As deepfake attacks on businesses dominate news headlines, detection experts are gathering valuable insights into how these attacks came into being and the vulnerabilities they exploit. Between 2023 and 2024, frequent phishing and social engineering campaigns led to account hijacking and theft of assets and data, identity theft, and reputational damage to businesses across industries. Call centers of major banks and financial institutions are now overwhelmed by an onslaught of deepfake calls using voice cloning technology in efforts to break…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today