If anyone understands the transformative power of artificial intelligence, it is OnCorps. Helping financial giants streamline operations and reduce manual tasks by 80-90%, the OnCorps team are AI experts in their own right.

That’s why StackAware leapt at the chance to partner with them on an AI risk assessment.

Focusing on value

As always, StackAware’s primary goal was to secure ongoing business operations without disruptive changes. Cybersecurity risk is ever present and no one can eliminate it entirely while still running a business. But there are always opportunities for quick wins and simple process improvements targeting the 20% of situations representing 80% of the risk surface.

That’s why we spent the first part of the engagement understanding OnCorps' value proposition to their customers: automating repetitive tasks for highly-regulated industries, such as financial services.

“Walter understands not just the security and technical side of deploying AI products, but also how to tackle evolving business challenges. The StackAware assessment was extremely thorough while at the same time offering practical, realistic suggestions for how to manage artificial intelligence-related security, compliance, and privacy risks. Unlike most security consultants, who drop off a dense technical report and then disappear, Walter provided clear and actionable recommendations for strengthening OnCorps’ AI governance program.”

- Brian Cole, PhD, Senior Vice President of Data and Machine Learning

Managing risk at the bleeding edge

OnCorps leverages a wide range of AI tools, from using commercial Software-as-a-Service (SaaS) options to self-hosting open source models running in Infrastructure-as-a-Service (IaaS) environments. Furthermore, some of the software products OnCorps leverages themselves use other AI vendors, potentially creating 4th party exposure. This complex landscape made a flexible but comprehensive approach to AI governance a key requirement.

Through structured analysis of all potential cyber risks related to deploying these systems, StackAware delivered a comprehensive framework for managing them securely and cost-effectively. And since protecting its intellectual property is key to OnCorps’ success and survival, we helped identify protective measures to keep it confidential and secure from attackers.

Refer a friend

Staying compliant across jurisdictions

A global company, OnCorps has earned a ISO 27001 certification to demonstrate its commitment to information security. With a physical presence in the United Kingdom (UK), meeting the requirements of the UK Data Protection Act was also critical.

With the rapidly changing regulatory landscape, increasing scrutiny being applied to AI-powered products, and the ongoing customer demand to maintain ISO 27001 certification, OnCorps needed to be sure it could satisfy auditors as well as maintain the confidence of its customers. That’s why StackAware analyzed every potential risk against the applicable compliance frameworks, not only recommending technical security measures but also how to document their implementation in an easily-consumable manner.

“As the OnCorps CISO, I need to deal with the entire information risk surface for a globally-distributed company. When it comes to AI, things are moving extremely quickly. So you need to pay close attention to detail and put the right guardrails in place. Walter’s expertise was a huge help in this respect. With StackAware’s structured assessment approach, I quickly identified the key artificial intelligence risks and got a ready-to-implement plan for resolving them. If you are struggling to navigate the choppy waters of AI security, compliance, and privacy, I highly recommend working with Walter and the StackAware team.”

- Ken Leeser, Chief Information Security Officer

Conclusion

Both OnCorps and StackAware are optimistic about AI and the huge productivity and efficiency impacts it will have. Responsibly deploying artificial intelligence and machine learning systems, though, requires a well-reasoned and deliberate approach to governance. Identifying potential challenges and ways to address them quickly and realistically is thus StackAware’s singular goal during risk assessments.

Delivering one successfully for OnCorps represents a huge win for both organizations.

Interested in mapping your AI risk surface?

Get your Data Defense Blueprint