AI-Assisted Controls Change Management for Cybersecurity in the Cloud
Abstract
Web-scale services dealing with sensitive content are increasingly being deployed in hybrid cloud environments. At the same time, the scale of security breaches has also increased manifold. To tackle increasing risks, regulatory bodies define standards such as PCI-DSS, HIPAA, GDPR, etc. that organizations must comply with. A typical organization may need to comply with tens of regulations. Each of these regulations is usually published as natural language text that runs into hundreds of pages. When these regulatory standards undergo revisions, understanding the changes, interpreting their impact, and implementing them consumes a huge amount of time, effort, and resources. In this paper, we propose a regulatory change management framework to automate elements of this extremely manual and time-consuming activity. We introduce the concept of live crosswalks – a framework that models complex relationships among compliance documents along with the associated operations to manage change. It uses natural language processing (NLP) techniques to transform the current document-driven, highly manual process into a data-driven, interactive, intelligent system. In this paper, we present the algorithm design for the change detection module and an evaluation demonstrating that the proposed system generates a change log comparable to an expert-generated one. The tool is currently deployed with multiple internal teams to assist in compliance management.