Pure Storage Is Using AI to Enhance Cloud Security
- Pure Storage provides cloud-storage systems to over 11,000 customers.
- It uses AI to help automate and enhance security, finance processes, and product development.
- This article is part of “CXO AI Playbook” — straight talk from business leaders on how they’re testing and using AI.
For “CXO AI Playbook,” Business Insider takes a look at mini case studies about AI adoption across industries, company sizes, and technology DNA. We’ve asked each of the featured companies to tell us about the problems they’re trying to solve with AI, who’s making these decisions internally, and their vision for using AI in the future.
Pure Storage has been providing cloud-storage systems for more than a decade and is trusted by some of the world’s largest organizations, such as ServiceNow and Domino’s Pizza. It uses generative AI to help make its 2,000 engineers even more efficient.
Situation analysis: What problem was the company trying to solve?
Pure Storage was founded in 2009 and, according to its website, serves over 11,000 global customers. As a result, it has extensive institutional knowledge in providing data storage to companies.
However, making use of that knowledge across complex business processes was a challenge, Ratinder Paul Singh Ahuja, the company’s chief technology officer for security and networking, told Business Insider.
That changed with the popularization of generative-AI platforms in 2022. “I could see how this could be used in a number of business processes,” Ahuja said. “We put together a company-level initiative to do what we call a generative-AI-powered enterprise.”
Ahuja said the company considered several options for deploying generative artificial intelligence, such as using it to sift through queries, support its internal help desk, or help the company’s finance arm.
But the most pressing improvement Ahuja wanted to make was speeding up and bolstering the checks his security team carried out. He quickly hit upon two key areas where AI could help.
Normally, his development, security, and operations program would have to sit through design discussions with company teams and try to find security issues to fix before rolling out products. It was laborious and time-consuming.
The security team at Pure Storage would also be overwhelmed by threat announcements — when providers of hardware or software used by companies, including Pure Storage, announce they’ve found vulnerabilities in their code that need fixing. But these reports often cover products that Pure Storage does not use, or do not affect it, so filtering through the announcements is hard.
Key staff and partners
The process of implementing these uses of AI was led by Ahuja, who demonstrated the early examples to the executive team at Pure Storage.
He said that at Pure Storage, the office of the technology officer had more freedom and ability to explore new technologies than the IT department: “They kept it under the office of CTO, as opposed to IT services, just because the field is changing rapidly, and we wanted to have the ability to not be rigidly covered by an IT process.”
AI in action
In its security department, Pure Storage now uses a generative-AI tool that was trained with Ahuja’s presentation slides and knowledge about modeling threats — similar to the way a human staff member would be trained on best practices. “This GPT can now be cut and pasted as a picture of a design, any documentation or code you have written, and it will walk through the STRIDE methodology,” Ahuja said, referring to a standard threat-modeling methodology that stands for spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.
Other Pure Storage teams, not just security, can use the program, meaning they don’t have to wait for a security specialist to become free to check their plans.
The generative-AI tool that scans the vast volumes of threat announcements and warnings can quickly triage what human security professionals need to pay attention to and what they can ignore. The tech analyzes the threat feed and asks what class of system is affected and which signs to look for to detect the issue. “Then it queries our asset database, and says, ‘Do we have this class of systems? Should I even worry about it?’” Ahuja said. If the answer is yes, it’ll continue to analyze until it’s convinced it needs to flag a human, he said.
Did it work, and how did leaders know?
Pure Storage’s AI model is designed to poke holes in new features, products, or services, probing for weaknesses that cybercriminals could exploit. “What used to take a couple of weeks is now an hour’s job, with the bot guiding the different teams through the STRIDE methodology,” he said. “This is really popular with our engineering teams because they don’t have to wait for a security expert.”
Meanwhile, Ahuja said, the triaging tool is so helpful it’s as if the security-operations team has added another worker: “This is really powerful. You could not keep up. They were constantly underresourced.”
What’s next?
Ahuja wants to layer AI on top of Pure Storage’s products. “Gen AI is really good at analyzing configurations — it’s very good at generating code,” he said. “If you look at Pure Storage and many other vendors, we put out complex systems, and you have to configure them.”
He believes generative AI can help automate large parts of that process.