I remember learning early in my career to be kind to administrative assistants because, besides being hard-working and underappreciated, they were also the ones who controlled access to the executives’ calendars, many critical office functions and, equally important, the 3 p.m. secret sugar stash.

In the near future, we’re going to see the role of office power broker shift from an administrative assistant to a virtual assistant such as Siri or Cortana, which will both assist workers with managing their lives and help them interface with enterprise artificial intelligence (AI)-driven business processes. I see this AI cooperation expanding from scheduling and office functions initially to include decision support systems, customer and workforce interaction and, eventually, nearly all work activities.

With nearly 100 percent penetration in the enterprise and computing power available in a hand-held package that is now rivaling and even surpassing the typical desktop computer, the smartphone looks to be the platform of choice. As this takes hold, chief information security officers (CISOs) will experience the déjà vu of yet another security challenge that requires a delicate balance between workforce productivity, user expectations, and security and privacy.

IBM’s announcement in March 2018 of the availability of Watson Services for Apple Core ML provided a glimpse of the potential synergies between artificial intelligence targeted at legacy business processes and artificial intelligence aimed at the consumer. Watson provides the highly regarded Visual Recognition Service integrated with Apple’s Core ML, which delivers local — and therefore extremely low latency and highly autonomous — core machine learning algorithms for analysis.

Expectations for Virtual Assistants Continue to Rise

Meanwhile, the workforce is acclimating to the capabilities that a virtual assistant provides and increasingly turning to shortcuts to simplify their lives. Shortcuts allow smartphone and smart speaker users to set up simple voice cues to execute commands on the device and even chain together multiple commands spanning multiple apps. Users are getting accustomed to controlling their environments — from their home to their car and their personal space — with voice commands.

They are also adapting to several new paradigms, including robust home automation, mobile platforms such as automobiles and, with the improving capabilities of ride-hailing services, transportation systems in general. With the imminent build out of 5G capabilities, the expectation of an always-on, always-in-control experience will quickly be extended well beyond the home and office.

Along with the smartphone’s penetration into business processes will come a desire to leverage the phone for identity management functions, complimenting the integration with the office suite and business processes. At the same time, individuals will seek to extend the voice control they enjoy with their personal technology experience to their office experience. The opportunity to leverage this capability and familiarity will likely have a shadow — namely, the temptation to make the barrier between personal and enterprise functions on the phone more permeable over time. I believe this will be driven by both the enterprise, to make the smartphone/human combination more autonomous, and by the worker, who will demand seamless functionality.

It’s tempting to ask, “Why isn’t this just another setting for a mobile device management (MDM) system?” But that’s like reducing the cloud to just a virtual data center. Cloud computing and on-demand computing capacity is a paradigm shift we’re still learning to exploit fully. Moreover, I believe the enterprise’s embrace of the cloud and our overly restrictive, often obstructive, approach to dealing with the security implications of cloud computing have helped to slow the CISO’s acceptance into the C-suite.

Winning With Trust and Security

A 2019 report from the IBM Institute for Business Value (IBV), “The Cognitive Enterprise: Reinventing your company with AI,” outlined seven keys to success, suggesting that “a new era of business reinvention is dawning.” Of the seven keys, number four (reinvent company workflows around AI) and number seven (win with trust and security) speak directly to our discussion here. I believe the integration of personal and enterprise AI via the smartphone is going to be an increasingly critical aspect of this reinvention.

This brings us to our opportunity as CISOs. We have all experienced first-hand the challenges of new technology trends that came with enormous security implications. Among these, of course, were both cloud computing and bring-your-own-device (BYOD). In both of these cases, we’ve had to pivot from protecting the enterprise from itself as it dove headlong into these trends, seemingly without consideration for the security implications, to helping the enterprise maximize its investment.

After our initial futile demand that the enterprise abandon cloud initiatives and use only approved secure mobile devices, we had a lot of ground to make up. For cloud deployments, we eventually adopted alternative ways of thinking, such as integrating into the development and deployment process by joining DevOps teams. We have the opportunity to get ahead of the curve this time and help lead the enterprise in a new direction.

What should the CISO do to help usher in this new era of reinvention? Some experts suggest that the CISO will play a key role in enabling the cognitive enterprise. I see the potential risks exposed during the reinvention process as possibly higher than both cloud computing and the introduction of personal devices in the enterprise. I also see the potential rewards as far more significant than either. I think the CISO will be critical, and organizations will need to shift their focus from working with CISOs they view as good risk managers to working with those they see as comfortable leading through risk versus merely managing risk.

The CISO’s Changing Role in the Cognitive Enterprise

Going back to the IBM IBV report, the third key (architect your business for change) taken with the sixth key (reinvent your workforce to ignite talent) gives us vital clues to our changing role. The commonality between the integration of the virtual assistant and enterprise artificial intelligence and the progression to a cognitive enterprise is the flow and use of data.

Personal data, customer data, enterprise data and intellectual property will need to coexist safely and with high trust. The CISO needs to play a leadership role in understanding how all of this data should coexist and how maximum utility can coexist with high trust. In this new era of reinvention, the CISO will be positioned to replace the chief information officer (CIO) as the central technology executive in the cognitive enterprise.

As we evolve the relationship between virtual assistants and humans and between one virtual assistant working with another virtual assistant, I’m hopeful that we’ll have both principles and policy-driven rule sets that will allow for substantial flexibility — yet safeguard corporate assets and ensure data privacy. I just hope for our collective waistlines that we aren’t so quick to pry loose the mid-afternoon sugar stash.

More from Artificial Intelligence

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…

Artificial intelligence threats in identity management

4 min read - The 2023 Identity Security Threat Landscape Report from CyberArk identified some valuable insights. 2,300 security professionals surveyed responded with some sobering figures: 68% are concerned about insider threats from employee layoffs and churn 99% expect some type of identity compromise driven by financial cutbacks, geopolitical factors, cloud applications and hybrid work environments 74% are concerned about confidential data loss through employees, ex-employees and third-party vendors. Additionally, many feel digital identity proliferation is on the rise and the attack surface is…

AI reduces data breach lifecycles and costs

3 min read - The cybersecurity tools you implement can make a difference in the financial future of your business. According to the 2023 IBM Cost of a Data Breach report, organizations using security AI and automation incurred fewer data breach costs compared to businesses not using AI-based cybersecurity tools. The report found that the more an organization uses the tools, the greater the benefits reaped. Organizations that extensively used AI and security automation saw an average cost of a data breach of $3.60…