ConnectWise CISO On AI Responsibility: ‘We Can’t Just Develop Something And Throw It Out There’
ConnectWise CISO Patrick Beggs speaks with CRN at the IT Nation Secure conference after the company unveils its new AI Responsibility Use Case and AI Oversight Committee, created he says not because artificial intelligence is an ‘unknown’ but because of how quickly it is developing.
AI is turning into an arms race and ConnectWise wants to be ahead of the pack.
At ConnectWise’s IT Nation Secure conference in Orlando, Fla., this week, the company unveiled its AI Responsibility Use Statement and AI Oversight Committee to “watch the watchers,” according to Patrick Beggs, ConnectWise CISO.
“What we’re trying to do is let folks know that, it’s the whole cliche statement: ‘We’re here for good, not evil,”’ Beggs told CRN. “We’re not trying to take over the world in a sense and be agnostic of, for lack of better terms, the feelings of end users or just the community in general. But honestly, the industry as a whole is making this up as we go along. That’s why we had to put up gates to say, ‘Listen, we can’t just develop something and throw it out there.’
The AI Responsibility Use Statement outlines the Tampa, Fla.-based vendor’s commitment to data protection, transparency, reliability and safety, collaboration and compliance.
“At ConnectWise we are committed to the responsible development and use of AI as we continue to deliver innovative solutions and improve efficiency and value that drives those outcomes for you and your clients,” said ConnectWise CEO Jason Magee at the show. “We recognize the importance of ethical considerations, user trust and protecting your data and your clients’ data.”
And to further help MSPs and their customers, the vendor has partnered with the Cybersecurity and Infrastructure Security Agency-established Joint Cyber Defense Collaborative. The JCDC helps to “unify cyber defenders from organizations worldwide. This diverse team proactively gathers, analyzes and shares actionable cyber risk information to enable synchronized, holistic cybersecurity planning, cyber defense, and response,” according to its website.
The JCDC has a whole host of partnerships with companies in the channel, including ConnectWise, N-able, CrowdStrike and Microsoft, to name a few.
CRN spoke to Beggs about the JCDC partnership, AI and how ConnectWise wants to help partners on their AI journey.
Why should partners care about ConnectWise’s partnership with the JCDC?
From our Perch [Security] to our SOC [Security Operations Center] partners, they’re getting seamless protection they don’t see at this point because of the information flow that’s coming in from the automated information from the JCDC. One of the points of what CISA is doing is for critical infrastructures to be able to protect them from things that they see that we wouldn’t normally see. They do flash advisories. They do go out to the broader communities, but we get them first. And in this game, speed matters.
If there’s an active campaign against my industry and I can block it, I will. We don’t want to hoard it to our customers; I’ll put it on Reddit. We’re not selling this to people. There’s no way I would [withhold] any of this information from somebody that isn’t a ConnectWise partner. I’ll give it to anybody.
What's your goal with that partnership?
Honestly, it’s awareness. The whole goal is small- and medium-business protection. They can’t afford cyber insurance, which makes me nervous for them. It’s just protecting the ecosystem because if enough of them get hit, guess who they’re coming after next? They don’t come after the big ones first.
Let’s talk about ConnectWise’s new AI Responsibility Use Statement. Why create one?
Because it’s a new paradigm going on right now. It’s not because it’s an unknown, it’s because of how rapidly that space is developing. I’ve been working in AI from the cyber side for a long time, and what that was five, six years ago is not what’s going on right now because of the speed of computing power and things like that. What we’re trying to do is let folks know that it’s the whole cliche statement: ‘We’re here for good, not evil.’ We’re not trying to take over the world in a sense and be agnostic of, for lack of better terms, the feelings of end users or just the community in general. But honestly, the industry as a whole is making this up as we go along. That’s why we had to put up gates to say, ‘Listen, we can’t just develop something and throw it out there.’
ConnectWise also created an AI Oversight Committee. Why create that?
I have an Executive Risk Committee that I chair, it’s the same thing for overall. It’s checks and balances, who’s watching the watchers.
Even though these are internal guidelines, do you hope that MSPs pick them up?
I’m actually going to be doing my next blog on this and I hope we can influence folks on what that is. I would think ConnectWise is going to put some good stuff out there, probably on the policy side and playbook side that we offer like, ‘Here’s some good templates to use for your organization if you’re entering that space.’
Why communicate this to MSPs about taking steps to put AI guidelines in place?
Lead, follow, get out of the way. It’s for positive change, it really is.
How does ConnectWise plan to use AI in innovative ways down the line?
Security has always been a part of it. We’re in the chat all the time and we set the guardrails up. For us, it’s not different from normal product development to an extent but we’re probably going to have to navigate and figure out how it does once we get down to it because it’s new. But it’s going to be much more useful on the automation side.
I proved it can be used for security operations automation. It’s viable. Hopefully we’re going to get down that road soon because it’s an arms race.
During the keynote, CEO Jason Magee said cybersecurity is at the tipping point and the gap must be closed this year. How is ConnectWise helping MSPs do that?
It’s staying ahead on the maturity side of the space. It’s using the right technology the right way. It’s also talent. I’m getting the support from the board to hire the right people in the right places. I’m looking for people. I’m going to be flat in 2024 and then I’m going to start automating. I’m not automating anybody out of a job, I’m just taking that role and I’m going to mature that role. There’s a human factor that will never be taken away from that.