Why Least Privilege Fails (And How to Fix It) - Sanjeev Kumar - Guardians of the Data - Episode #30
What happens when your AI system has more access to your data than your employees (and you don’t even know it)?
Sanjeev Kumar, Senior Global AI & Data Protection Lead at Amazon Web Services, joins Ward on the podcast today for a deep dive into the real risks organizations face as AI moves from experimentation to production.
With more than 20 years of cybersecurity experience and a career that spans the rise of cloud computing to today’s AI transformation, Sanjeev shares what organizations consistently get wrong about data governance, ownership, least privilege, and AI deployment. This is not a high-level “AI is risky” discussion. It’s a tactical breakdown of what security leaders must implement now to avoid regulatory, reputational, and operational fallout.
Takeaways:
- Start with Data Classification and Inventory: Understand the types of data you have (sensitive, regulated, or intellectual property) and where they reside before implementing any controls.
- Establish Clear Data Ownership and Stewardship: Define who owns the data (business leaders), who manages it daily (data stewards), and who maintains the infrastructure (IT custodians). Everyone must understand their responsibilities.
- Never Let Temporary Become Permanent: When moving data to interim storage solutions, ensure proper controls are in place. Temporary shortcuts often become permanent security gaps.
- Always Experiment in Isolated Environments: Start in sandboxed, network-isolated environments using synthetic data. Never connect experimental AI systems to production data or public networks.
- Implement Dynamic, Behavior-Based Access Controls: Move beyond static role-based access control (RBAC) to controls that adapt to how identities actually use their access, rather than to permissions accumulated over time and never revoked.
- Understand Both Financial and Non-Financial Risks: Reputational damage, regulatory scrutiny, and loss of customer trust often outweigh direct financial penalties.
- Live in the Future: Anticipate what will matter in 4-5 years and start learning it today. Position yourself where the industry is heading, not where it is now.
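The least-privilege and behavior-based-access takeaways above describe a pattern rather than a tool. The following is an added example written for this page; it is not code from the episode, from Sanjeev Kumar, or from AWS. It takes a set of granted permissions per role and a window of constructed access-log events, reports which grants were never exercised (the accumulated permissions that make static least privilege fail), produces a right-sized policy, and then layers a behavioral check on top of the RBAC gate so that a granted-but-unusual request is stepped up instead of silently allowed. Role names, principal names, resources, and the action strings are hypothetical; the action strings only resemble IAM action names and the policy format is not IAM's.

```python
"""Least-privilege right-sizing plus a behavioral gate (added example, not project code)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample data: permissions granted to each role (hypothetical names).
GRANTS = {
    "ml-pipeline": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                    "kms:Decrypt", "dynamodb:Scan"},
    "analyst": {"s3:GetObject", "athena:StartQueryExecution"},
}

# Constructed access-log events: (UTC timestamp, principal, role, action, resource).
HISTORY = [
    ("2024-03-01T09:12:00", "svc-train", "ml-pipeline", "s3:GetObject", "bucket/training/"),
    ("2024-03-01T09:13:00", "svc-train", "ml-pipeline", "kms:Decrypt", "key/train"),
    ("2024-03-01T10:40:00", "svc-train", "ml-pipeline", "s3:PutObject", "bucket/models/"),
    ("2024-03-02T09:05:00", "svc-train", "ml-pipeline", "s3:GetObject", "bucket/training/"),
    ("2024-03-02T11:30:00", "svc-train", "ml-pipeline", "kms:Decrypt", "key/train"),
    ("2024-03-02T14:00:00", "alice", "analyst", "athena:StartQueryExecution", "workgroup/bi"),
    ("2024-03-03T15:20:00", "alice", "analyst", "s3:GetObject", "bucket/reports/"),
]


def _hour(ts):
    return datetime.fromisoformat(ts).hour


def used_permissions(events):
    """Map role -> set of actions actually exercised in the log window."""
    used = defaultdict(set)
    for _, _, role, action, _ in events:
        used[role].add(action)
    return used


def right_size(grants, events):
    """Return (pruned_policy, unused): the grants to keep, and the ones never used.

    Grants with no exercise in the window are the dormant permissions that
    quietly widen a role's blast radius; they are the first thing to revoke."""
    used = used_permissions(events)
    pruned = {role: grants[role] & used.get(role, set()) for role in grants}
    unused = {role: grants[role] - pruned[role] for role in grants}
    return pruned, unused


def build_baseline(events):
    """Per principal: the (action, resource) pairs and hours of day seen so far."""
    base = defaultdict(lambda: {"pairs": set(), "hours": set()})
    for ts, who, _, action, resource in events:
        base[who]["pairs"].add((action, resource))
        base[who]["hours"].add(_hour(ts))
    return dict(base)


def evaluate(event, grants, baseline):
    """Decide one request: the RBAC gate first, then behavioral checks on top.

    Returns (decision, reasons) with decision in {'allow', 'step-up', 'deny'}.
    The hour check is a toy: within one hour of any previously seen hour
    counts as normal. A real deployment would use a statistical model."""
    ts, who, role, action, resource = event
    if action not in grants.get(role, set()):
        return "deny", ["action not granted to role"]
    reasons = []
    seen = baseline.get(who)
    if seen is None:
        reasons.append("no behavioral history for principal")
    else:
        if (action, resource) not in seen["pairs"]:
            reasons.append("new action/resource pair for principal")
        if not any(abs(_hour(ts) - h) <= 1 for h in seen["hours"]):
            reasons.append("outside principal's usual hours")
    return ("step-up" if reasons else "allow"), reasons


if __name__ == "__main__":
    pruned, unused = right_size(GRANTS, HISTORY)
    for role in GRANTS:
        print(f"{role}: keep {sorted(pruned[role])}, revoke {sorted(unused[role])}")
    baseline = build_baseline(HISTORY)
    # A granted-but-dormant destructive action, at 03:10, on a resource the
    # principal never touched that way: static RBAC allows it outright.
    odd = ("2024-03-04T03:10:00", "svc-train", "ml-pipeline", "s3:DeleteObject", "bucket/training/")
    print("static grants :", evaluate(odd, GRANTS, baseline))
    print("pruned grants :", evaluate(odd, pruned, baseline))
```

The two printed decisions for the same request show the fix in miniature: against the original grants the behavioral layer escalates the request to step-up, and against the right-sized policy the RBAC gate denies it before behavior is even consulted. In practice the log window feeding `right_size` should be long enough to cover infrequent but legitimate jobs (quarter-end batches, disaster-recovery drills) or those permissions will be pruned and then re-added as a "temporary" exception, which is exactly the shortcut the episode warns about.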
Quote of the Show:
- “Vendor can be replaced, trust cannot be.” - Sanjeev Kumar
Links:
- LinkedIn: https://www.linkedin.com/in/trusted-ai-ciso/
- Website: https://aws.amazon.com/
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod