Welcome to the Azure Security Podcast, where we discuss topics relating to security, privacy, reliability and compliance on the Microsoft Cloud Platform. Hey everybody, welcome to episode 108. This week we actually have the full gang. It's myself, Michael, Mark, Sarah and Gladys. And our guest this week is Diana, who's here to talk to us about securing Gen.ai applications. But before we get to our guests, let's take a little lap around the news. Gladys, why don't you kick things off.
Hi everyone, happy new year. I only have two set of news that I want to discuss about. The first one is about TLS 1.3. Starting March 1st, 2025, Azure services would require using TLS 1.2 or higher in the support for TLS 1.0 and 1.1. This is to enhance the security and provide best-in-class encryption. So all the services will enable 1.3 on the same day and disable the earlier support.
The next news that I wanted to talk about is several features that Microsoft Defender for Cloud released in December. The first one is that they're changing the scanning turbo for AWS and GCP. The scanning turbo settings, which is capturing all the security findings from AWS and GCP, determines how often Defender for Cloud discover that information. So this change ensured a more balanced scanning process and it optimized performance and minimized the risk of reaching API limits.
The next feature that Microsoft Defender changed is the way Microsoft Defender for endpoint will be required in order to receive file integrity monitoring experience. And basically just some of the data provided provide better monitoring information. And last, Defender for Cloud security posture management, sensitive scanning capability will be included in Azure file shares in addition to blog containers.
So in my part of the world, I've gotten a little bit ranty on LinkedIn and the other social networks. Professional, positive, encouraging, but still like kind of really ranting about a couple different things. I've become more and more convicted lately that ultimately there's this sort of simple principle in life that you can't blame someone for decisions or actions they don't make. And the reality is that's often what happens in security.
And so one of the things I've gotten a lot of clarity on and was discussing publicly in the socials was just around, ultimately, the way that organizations treat security is often kind of broken. And so it's like, hey, you don't blame the lawyer if they said, hey, that's a bad idea. Or you don't blame the finance person if the CEO made the decision to spend a whole bunch of money on something that didn't make sense. You know, it's just, you know, but yeah, we do that in security.
We say, oh, you know, they said there's no maintenance windows. They didn't patch it. They didn't configure it. They didn't do any app sec or threat modeling or anything. And we're going to blame the security team who had nothing to do with any of the production of all those things and blame them for the incident.
And so it's this really interesting kind of oddity that we deal with in security where it just hasn't been seen as sort of like a normal support discipline like legal or HR or finance or any of that kind of stuff in an organization. And it really, you know, it's one of the biggest changes, I think, that we need to make as an industry. So I'll pop a couple links to some of these discussions. The other one is just around collaboration.
It's really important that, you know, you look at security as something you do, not something you have. And it's just you're constantly taking inputs from either incidents or other events inside and outside the organization and using those as a stimulus to drive security improvements and run your processes. So got a couple links to those there. And then not quite released yet. So think of this as more of a tease than an actual announce.
But putting the very final touches on the updated CISO workshop and the updated cybersecurity reference architecture. So those are getting close to a release and hopefully we'll have some good news in future episodes very soon. That's all I got. Okay, before we get into my news, I just want to add a bit more detail about the TLS 1.3 item that Gladys mentioned. Correctly she said that, you know, TLS 1.3 provides better encryption.
That is true, better encryption, and it's also a stronger integrity check than prior versions of TLS. But honestly, the most important thing about TLS 1.3 is actually the strongest server authentication that you get. And you get that via better cipher suites. In TLS 1.3, you have to realize that one of the big things that the protocol did is basically got rid of a whole bunch of legacy and pretty lousy authentication ciphers. So they've all gone.
So TLS 1.3 is a lot more streamlined than TLS 1.2 and prior versions. So wherever possible, you should always be going to TLS 1.3 rather than TLS 1.2, even though we do support TLS 1.2 simply because of backward compatibility. With that being said, we are seeing compat problems with TLS 1.0 and 1.1 being deprecated. But honestly, they are so old and so broken that you really should be moving to 1.2 and preferably 1.3. All right, so here's my news. So the first one is from my old stomping ground.
SQL managed instance now supports service endpoints for Azure storage, which basically means that you can restrict where SQL managed instances pull their data from. This lets you really have really fine-grained control over the storage accounts that are used. Net effect is stronger security and honestly better egress control, so reducing the chance that attackers can actually egress data.
Next one is Azure confidential ledger now has achieved SOC 2 type 2 compliance, a big deal for all those who require SOC 2 compliance. And the last one that I have is again from my old stomping ground, Azure database for MySQL now supports accelerated logs by default, including with support for customer managed keys. Accelerated logs are not what we know in the security industry is like log files in terms of audit logs and debug logs and so on. These are actually the transaction logs.
Not only does it support accelerated logs by default, but it also supports customer managed keys as well, which is really great to see. In fact, that's the only reason I brought it up is because it does support customer managed keys as well. So you get a huge performance boost and your log files can still be protected by your own keys. All right, so with that, let's switch our attention now to our guest.
As I mentioned before, our guest this week is Diana and she's here to talk to us about securing Gen.ai app. So Diana, thank you so much for joining us this week. Would you like to take a moment and sort of introduce yourself to our listeners? Sounds good. Hi everyone. Thank you so, so much for having me here today. My name is Diana Misesad. I am a product manager at Microsoft on the Entra Copilot team focused on bringing Gen.ai capabilities to Entra.
So you might have heard of our recent public preview release of security copilot embedded in Entra last November. So super excited to be here today to talk about a very important topic. All right, so this one's actually a very interesting episode because it's actually going to be one of four episodes covering securing Gen.ai applications.
So before we sort of get into the guts of this, Diana, why don't you spend just a quick brief moment and go over why we've got four episodes and just really quickly touch on what the other episodes are so people know what to expect. So with a group of colleagues on the identity space, we wrote a MS Learn article on how you can use Entra capabilities to secure your Gen.ai apps.
So the reason why we're going to have a series of four episodes coming up on this topic is because we do want to take the time to talk about each of the very important steps and each of the very important sections of this article where we're going to share more about how you can use Microsoft Entra capabilities to protect your environment, to protect your Gen.ai apps.
And this is the first episode of this series where we're going to be talking about why it's important to secure your Gen.ai apps, why businesses are implementing AI more than ever and how you can learn more about this because I think it's a topic that everyone should know a little bit about, right? Everyone should be able to understand the impact. Everyone should be able to understand the importance of these topics.
So super excited to kick off this series of four episodes and we hope that everyone enjoys and learns a lot. So most people have heard about AI, actually, hopefully everyone, right? Even my kids keep talking about AI and how to use it in school and things like that. But can you explain a little bit about why it's important to have AI in the side of business today and secure it? Yeah, that's a great question. I always like to say that that's everything in life.
It's always a good and a not so good side of everything. And with AI, it's the same thing, right? We've seen how AI is so helpful for multiple reasons in order to do multiple types of tasks. And many of the organizations that are implementing AI in their operations, they do feel some sort of anxiety about using AI because they're worried about sensitive data, the leakage of sensitive data, right?
So being able to understand some of the risks that are associated with AI, using AI in your operations is so, so important. It's more important than ever, right? And in order to provide a better picture of this, I like to talk about AI discovery. And the way that I think about AI discovery is with every new piece of technology, you know, it's AI is this exciting new thing that everyone wants to learn about, everyone wants to play with AI and AI discovery is great, right?
We can use AI for so many different reasons. For example, you know, if we have a PowerPoint presentation that we're working on with a colleague and we just lost track of it, I can use an AI assistant and say, hey, you know, can you show me what are some of the files that I've been working on with this colleague? An AI assistant can lead me to those files. And that's great, right? Because it really facilitates a lot of the things that we do in our day to day life and at work.
And AI discovery is great, as I said, right? And if I am a bad actor, you know, and this is really important to understand, using AI, AI is also a great piece of technology, because if I'm a bad actor, I can get control of an identity. And this is very serious. And it's way more than just asking, hey, who I am, you know, if I can ask an AI assistant about all sorts of confidential information that I shouldn't have access to, that I shouldn't know about, right?
So it could be like a new product release and things of that nature. So we can really see how AI can really be a force for good for certain situations, but can really be used, you know, for malicious type of intent, right? So understanding that there is a good and a bad of these and how to mitigate the result, you know, the backside of it is really important. So tell me about what are some of the key security risks that are associated with integrating GenAI into business operations?
What are the things that you're seeing on your side of the house that people are worried about? No, I love that question. And I talk a lot about this with my friends as well. Because I was talking about intentional AI discovery, right, which is great. But then there's also unintentional AI discovery. And I think that everyone should know about these organizations, so you have trainings for their teams to make sure that they understand these type of situations.
So you know, discoverability of AI, right? We're talking about, you know, situations where AI systems can provide you with information that you need for your job, for example, right? But then we have unintentional AI discovery, which is situations where the AI system provides you with information that you shouldn't have access to it. I think I provided a quick example earlier.
But in terms of, you know, some of the key security risks that I've seen, and I have stories I was talking to Bailey, who is one of my colleagues that is going to be part of the upcoming episodes on this topic. She was telling me about a story where she heard about this person at her workplace that was asking an AI assistant about some sort of information that she needed for her job, right?
And then she was prompted with information that she realized she shouldn't have access to and she was like, okay, what is going on? So that was a clear example of what happens with unintentional AI discovery. It's not like someone wakes up one morning and is like, oh, you know, like, let me get access to sensitive confidential information. No, it's like literally somebody who is like being told, hey, use AI, it's going to help you for your task and you use it.
And then all of a sudden, the H&AI app is not being well maintained or managed and you have access to multiple files that you shouldn't have access to and you come out across this type of data, right? So for we know that, you know, there are situations like inside a risk where you know that there are people that are trying to do bad things within your organization.
So this could be like, for example, asking an AI assistant for your colleague's performance evaluation, which you know, you are their colleague, you shouldn't have access to that. You are their peer, right? You shouldn't be able to query that type of information with an AI assistant. If you are their manager, you know, you can ask about, you know, evaluations or salary information because you do have access to the data, to the information.
But if you don't have access to that information, you shouldn't come across that with an answer from an AI assistant, right? So you know, really talking about those types of real life scenarios. Another scenario that I have is with healthcare data where you can come across PII of patients or employees. Another example that I heard recently was in finance, right? So if someone in finance, let's say a financial analyst is asking an internal AI assistant about like financial modeling.
If you are working at a big bang and you are, you want to know about like, hey, I'm looking into, you know, what should I be looking at this year in terms of like financial forecasting for such and such industry? And then all of a sudden, you find out about merger and acquisition that on the other side of the firm, someone is working on and you shouldn't know about that, right? So those are examples of unintentional AI discovery and these are very common today.
So how do we make sure that we prevent those situations from happening? That's definitely one of the things that are going to be discussed in the next few episodes with my colleagues, but really, you know, trying to make sure that people understand, hey, these are things that are happening today. And the reason why they're happening is not because of AI, right? It's because we're not doing the basics well. And when we say the basics, we're talking about why are these situations happening?
You know, these examples that I mentioned, they're being caused by things like excessive access. So like people are having privilege that they should no longer have. And this is very common when like people are changing jobs within an organization and they still have the old permissions that they had before, right? And they don't need those anymore, but they still have those permissions. Could also be caused by, for example, improper DLP labeling, right?
So we are not labeling our files the way we should. And it could also be like data isolation. So these are things that are the basics. We should be taking care of these basic things. So one thing that we really want to highlight is like AI is not bad for your organization. AI is not bad for your operations. The reason why these situations keep happening is because we're not doing the basics well. So yeah, that's pretty much some of the examples, real life examples that I have for you all.
Yeah, I really want to reiterate that, you know, Gen A high is all this new stuff and large language models and blah, blah, blah, blah, blah. But you can never lose track of the basics, right? I mean, good secure application development, good secure application design. You should never ever lose track of the basics, even though it's this new whiz bang feature thing. So yeah, I really want to reiterate that.
I also want everyone to know who's listening that, you know, we're really going to focus on some of the depth. This is really an episode to sort of set the frame for the next three episodes where we're going to a lot more depth. I think it's really important that everyone understands kind of what the problem space is and how we're sort of working on it and how you, you know, as a consumer of these products should also understand about how to, you know, how to protect the environment.
By the way, just so if anyone listening is not aware, the prior episode to this, we actually spoke about some aspects of oversharing using basically blueprints, blueprints with a lower case B, not as your blueprints with an upper case B, but just blueprints, like ideas about how you can actually go around securing gen AI applications.
In this one, we're going to go in a lot more detail and some of the other aspects that are, you know, essentially the basics of securing environments for, you know, gen AI environments. So I think this is good. All right. So we've gone over some of the examples. I mean, we could, you know, we could talk about, you know, example, you know, sort of violating gen AI models and getting them to do things they shouldn't do until a blue in the face as many, many, many examples.
So Diana, why don't you just give a quick overview of each of the other two, like what's in episode two, what's in episode three, and then what's in episode four? Yeah. So as I said, and you were also saying, this is just an intro episode to what's to come in the next, the next couple of episodes. So my colleagues from the identity space, as I said, we wrote this MSLearn article, which is all about how to secure gen AI applications with Entra.
So in the next three episodes, we're going to dive deep into the specifics and more technical aspects of using these Entra capabilities. So for example, in episode two of this series, my colleague is going to talk about how to discover over permission issues with Entra. So how to use Microsoft Entra permissions management to identify, to manage over permission identities in multi-cloud environments to reduce security base.
So this is very important and they're definitely going to talk about, you know, other real life examples as well, but getting into the deep technical aspects of it is going to be so helpful. So for anyone interested in learning more about, please, please check out episode two of this series. Then in the next episode, my colleague is going to talk about enabling access control.
So she's going to talk about Microsoft Entra ID governance and how lifecycle workflows can help you also prevent many of the situations that we discussed today. And then finally, in the fourth episode of this series, we're going to talk about monitoring access. So how you can use Entra permissions management, Entra ID governance to monitor the access, to make sure that everything is okay in your environment and that you are preventing this, the situations that are awful, right?
Nobody wants people in their company, in their organizations to have to experience this type of unintentional AI discovery situation. So the next three episodes are going to be very interesting. So if you're, if you're excited to learn more about the technical aspects and these capabilities that we briefly discussed about today, please, please join the whole series. Fantastic.
So with the sort of intro episode out the way, one thing we always ask our guests, Diana, is if you had just one thought to leave our listeners with, what would it be? Yeah, so that's a, that's a great question. I, as I said at the beginning of this episode, I think it's really important to learn about this topic specifically, right? To learn more about what happens when you are using general applications in your, in your organization and you implemented them into your operations.
It's important not only, you know, like as work, someone who works as part of our organization, but even if you are just interested in learning more about AI, I feel like this is a very important aspect of the application of AI in operation. So definitely, you know, like take some time to read about it. There's plenty of information out there to learn more about this topic and please check out the upcoming episodes on, on, on security engineering with Entra.
Okay. Let's bring this episode to an end. Again, Diana, thank you so much for joining us this week. I've been very, very busy. And again, just to level set, you know, this is an introduction to the other three, the other three episodes that are coming out. We hope to do those in relatively rapid succession. So to all our listeners out there, we hope you found this intro of use, at least just give me a background as to what the problem space actually looks like.
And again, we'll, we'll show some real solutions in the next, next three episodes. So again, thank you for listening. Stay safe and we'll see you in the next one. Thanks for listening to the Azure Security Podcast. You can find show notes and other resources at our website, azsecuritypodcast.net. If you have any questions, please find us on Twitter at Azure Setpod. Creative Music is from ccmixtor.com and licensed under the Creative Commons license.