CPS@NAB: Google Cloud’s Scales Hypes GenAI

LAS VEGAS — If there was a dominate buzz word at NAB 2024 it was GenAI. And according to Toby Scales, media and entertainment lead, office of the CISO for Google Cloud, there’s good reason.

“Generative AI deserves the hype,” he said, speaking at the Content Protection Summit, held during the NAB Show. “And you need to extend the practices you already have in place to cover the development of AI.”

Scales offered several why GenAI is important and stressed to attendees at CPS that they should be asking questions around GenAI to both stakeholders and partners. He used Google’s Secure AI Framework (SAIF) as a model that can be followed. SAIF calls for the expansion of strong security foundations to the AI ecosystem, the extension of detection and response to bring AI into a company’s threat universe, automated defenses, and more. SAIF ensures ethical and responsible adoption of AI and is modeled to address the biggest questions surrounding AI.

Start with data. “Data is risk,” Scales said. “Anyone working in cybersecurity is aware of this.” And with a lack of regulatory standards around AI (so far) in the U.S., you need a plan. Google aims for responsible data usage by not using customer data to train its models, Scales said, and there’s no third-party backdoor access to customer data.

Next you should be asking what you’re going to build with GenAI. “At Google we have the strong opinion that responsible AI is successful AI,” Scales said. “There’s no one-size-fits-all approach to responsible AI.” GenAI, whatever it’s being used for, needs to be responsible to people first, he added.

And perhaps the biggest question around GenAI is what new threats does it expose? The short answer to that is data,” Scales said, noting that internal business data and source code are the two biggest data buckets that are exposed with GenAI.

“In threat-modeling, use cases matters,” he said. “Start with the use case and do your threat model from there.”

To kick off CPS, Richard Atkinson, president and chairman emeritus of the Content Delivery & Security Association (CDSA) offered an update on the state of the media and entertainment security industry, a look at the day’s program, and a thank you to the CDSA community for its continued comradery.

“We relate to each other more as friends than colleagues,” he said.

Attendees of the CPS event heard from experts on crucial M&E security topics surrounding protecting against insider threats, standards for locking out live event piracy, the importance of risk management assessments, and best practices for production crew identity and onboarding/offboarding. And the increasingly impactful role of AI on security was front and center, as the industry grapples with its benefits and consequences.

CPS was presented by Fortinet, with sponsorship by AMD, Convergent, Digital Silence, NAGRA, Prime Focus Technologies, and EIDR, in association with the NAB Show. The event was produced by MESA and the Content Delivery & Security Association (CDSA).