Security, cost and the shortage of skills are among the primary concerns for organisations in ASEAN when embarking on artificial intelligence (AI) initiatives, according to a regional executive at Snowflake.

Speaking to Computer Weekly on Snowflake’s shift to enterprise AI, Sanjay Deshmukh, the company’s senior regional vice-president for ASEAN and India, said security is the foremost consideration among organisations implementing AI.

“The enterprise AI mindset is different and starts with data rather than copilots and large language models [LLMs] which come later,” he said. “But unless organisations are convinced about security, they will not put anything in production.”

To alleviate security concerns, Deshmukh explained that Snowflake, which does not use customer data to train AI models, including those from third parties, has built the Horizon platform. This platform allows organisations to discover and govern data, apps, and models with a built-in set of compliance, security, privacy, interoperability and access capabilities.

Horizon includes a trust centre that determines the current security posture of an account, end-to-end encryption to prevent third parties from reading data while at-rest or in transit, and granular authorisation controls to control access to objects.

“This governance model will always apply regardless of which machine learning model, LLM or analytics report is trying to access the data,” Deshmukh said. “And if there is personally identifiable information [PII] that has been tokenised or masked, it will always be masked and not be disclosed.”

Earlier this year, Snowflake became the target of a financially motivated threat actor that was suspected to have stolen a significant volume of records from Snowflake customer environments via stolen customer credentials. The affected customers included ticketing platform Live Nation, Santander Bank and US telecoms giant AT&T.

In a joint statement on their investigations into the matter, Snowflake, Mandiant and CrowdStrike said they had not identified evidence suggesting the activity was caused by a vulnerability, misconfiguration or breach of Snowflake’s platform.

They also did not find evidence suggesting the activity was caused by compromised credentials of current or former Snowflake employees, and that it appeared to be a targeted campaign directed at users with single-factor authentication.

Snowflake is developing a plan to require its customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies, especially for privileged Snowflake customer accounts.