- Pure Storage provides cloud storage systems to more than 11,000 customers.
- We use AI to help automate and enhance security, financial processes, and product development.
- This article is “CXO AI Playbook“Business leaders speak openly about how they're testing and using AI.”
In “CXO AI Playbook,” Business Insider presents mini-case studies of AI adoption across industries, company sizes, and technology DNA. Each company talks about the problem they're trying to solve with AI, who is making those decisions within their company, and their vision for the future of AI.
Pure Storage has been providing cloud storage systems for over a decade and is trusted by some of the world's largest organizations, including ServiceNow and Domino's Pizza. The company is using generative AI to make its 2,000 engineers more efficient.
Situation analysis: What problem was the company trying to solve?
Pure Storage was founded in 2009 and, according to its website, serves more than 11,000 customers worldwide, so it has a wealth of institutional knowledge when it comes to providing data storage to businesses.
But leveraging that knowledge across complex business processes has been difficult, Ratinder Paul Singh Ahuja, the company's chief technology officer for security and networks, told Business Insider.
That changed with the rise of generative AI platforms in 2022. “We saw how this could be leveraged across a range of business processes,” Ahuja said. “We put together an enterprise-level effort to enable what we're calling the generative AI enterprise.”
Ahuja said the company explored several options for using generative artificial intelligence, including for query triage, supporting the internal help desk and assisting the finance department.
But the improvement Ahuja wanted most was to speed up and strengthen the checks his security team performed. He quickly saw two key areas where AI could help:
Typically, his development, security, and operations programs would have required him to discuss designs with company teams and identify security issues that needed to be fixed before the product was deployed, a tedious and time-consuming task.
The Pure Storage security team is also inundated with threat announcements: hardware and software providers that Pure Storage and other companies use announce that they have found vulnerabilities in their code that need to be fixed. But filtering the announcements is difficult because they are often for products Pure Storage doesn't use or that don't affect Pure Storage.
Key Staff and Partners
The process of implementing these uses of AI was led by Ahuja, who provided early examples to Pure Storage executives.
He said that at Pure Storage, the head of technology's office had more freedom and ability to explore new technologies than the IT department, saying: “They put the head of technology under the CTO's office rather than IT services because the area is changing rapidly and they wanted to have the ability to not be strictly covered by IT processes.”
Use of AI
Pure Storage's security department now uses generative AI tools that are trained on Ahuja's presentation slides and knowledge of threat modeling, similar to the way human staff are trained on best practices. “This GPT can be cut and pasted as a blueprint, any document or code that you create, and it goes through the STRIDE methodology,” Ahuja said. STRIDE methodologies are standard threat modeling techniques that represent spoofing, tampering, repudiation, information leakage, denial of service and privilege escalation.
The program can be used by not only your security team, but other Pure Storage teams too, so you don't have to wait for a security expert to be available to review your plan.
Generative AI tools that scan vast amounts of threat alerts and warnings can quickly triage what needs human security professionals' attention and what can be ignored. The technology analyzes threat feeds and asks what class of systems are affected and what signs to look for to detect the problem. “Then it queries its asset database and asks, 'Do we have systems in this class? Do we need to be concerned?'” Ahuja says. If the answer is yes, it continues analyzing until it's convinced it needs to flag a human, he says.
Did it work, and how did the leaders know?
Pure Storage's AI models are designed to poke holes in new features, products, or services, looking for weaknesses that cybercriminals can exploit. “What used to take weeks now takes an hour, with the bot guiding various teams through the STRIDE methodology,” he says. “This has been a big hit with our engineering teams, because they don't have to wait for security experts.”
Meanwhile, Ahuja said the triage tool has been extremely helpful, adding that it's like adding another hand to the security operations team. “It's really powerful. We can't keep up with it. We've always been short on resources.”
What's next?
Ahuja wants to layer AI on Pure Storage's products. “Gen AI is good at analyzing configurations, and it's good at generating code,” he says. “If you look at Pure Storage and a lot of other vendors, they give you a complex system, and then you have to configure it.”
He believes generative AI can help automate much of that process.
We'd love to hear from you, so if you have any thoughts about your company's AI journey, please email us. jhood@businessinsider.com.
