/jan 16, 2024

Implementing AI: Balancing Business Objectives and Security Requirements

By Brian Roche

Artificial Intelligence (AI) and machine learning have become integral tools for organizations across various industries. However, the successful adoption of these technologies requires a careful balance between business objectives and security requirements. I sat down with Glenn Schmitz, the Chief Information Security Officer of the Department of Behavioral Health and Developmental Services in Virginia, as he shared valuable insights on implementing AI while ensuring safety, security, and ethical considerations. Here are some of the key takeaways. 

Understanding Business Objectives and Security Requirements Starts with Fundamentals 

When Schmitz joined the organization, he recognized the need to understand the overall security maturity level. By aligning business objectives with security requirements, he aimed to enable the business to achieve its goals in a safe and secure manner. 

Schmitz shared: "I started at a very fundamental level. Security is here to protect the business and enable the business to do their job safely and securely. We're not here to say no anymore." This shift in perception transformed the security department from being seen as a roadblock to becoming a valuable partner within the organization. 

Implementation Must Be Managed and Oversight Ongoing 

While AI offers significant benefits, Schmitz emphasizes the importance of managed implementation and ongoing oversight. Addressing concerns about job displacement, he assured the IT department that AI would be monitored to ensure compliance with policies and regulatory requirements. "We're going to monitor the use of these tool sets. If they stray outside the lines, we're going to ask what's going on,” said Schmitz. 

A review process for synthetic data sets produced by AI was implemented to guarantee anonymization and unbiased results. Understanding how AI systems reach their decisions is crucial for maintaining transparency and accountability. 

Ethical Considerations Are Paramount 

Schmitz highlights the paramount importance of ethical considerations when implementing AI. Unlike humans, machines lack built-in ethics, making it necessary to involve the human element in the decision-making loop. Human review of AI decisions ensures alignment with societal norms and ethical standards. Additionally, biases in AI systems and data sets must be identified and corrected to prevent discriminatory outcomes. 

"We teach our children from a very early age, if you hit somebody, that's wrong. And our kids have kind of a built-in ethics. Machines don't have that," Schmitz said. "We have to take that into consideration as we move to the autonomous AI, that the human element has to be either on or in that loop of decision making." 

Additional Insights and Achievements 

Throughout our conversation, several key insights and achievements emerged: 

  1. Overcoming Challenges: Schmitz faced the challenge of understanding the environment and ensuring safety and security during the COVID-19 pandemic. 

  1. Changing Perceptions: The security department successfully transformed its image from a roadblock to an enabler for the business, fostering collaboration and achieving shared objectives. 

  1. Synthetic Data Sets: The department utilized AI to generate synthetic data sets, reducing risk and addressing privacy concerns. 

  1. Data Quality and Predictive Analytics: The AI tool helped identify and fix data quality issues, as well as predict future demands based on current and census data. 

  1. Government Focus: The Biden Administration's AI Executive Order emphasizes the promotion of safe and fair AI usage and the protection of privacy. 

  1. Patient Implementation: The department approached AI implementation with patience, setting realistic timelines, and upskilling the team to ensure a smooth transition. 

Implementing AI and machine learning tools within an organization requires a comprehensive understanding of both business objectives and security requirements. By adopting a managed implementation approach, organizations can harness the benefits of AI while ensuring compliance, transparency, and ethical decision-making. The human element remains essential in the loop of AI decision-making to uphold ethical standards and align with societal norms. As AI continues to evolve, organizations must prioritize the safe and responsible use of these technologies to drive innovation and achieve their goals. 

If you’re interested in learning more about AI and secure software development, check out our AI resource hub

Related Posts

By Brian Roche

Brian Roche is the Chief Executive Officer of Veracode and a recognized expert in Application Security Engineering, Cloud Native Technologies, Cloud Operations and AI. An award-winning cybersecurity leader and a pioneer of the early DevOps movement, Brian is also a passionate public speaker on AI, Application Security, DevOps, and digital transformation. With over 25 years of leadership, he has a proven track record of helping global enterprises transform their people, technology, and strategic advantage to compete and succeed in the digital economy.