2 months ago
70
If you are a security leader, you will need to be able to answer the following questions: where is your sensitive data? Who can access it? And is it being used safely? In the age of generative AI, it’s increasingly becoming a struggle to answer all three.
An October whitepaper from Concentric AI outlines the rationale. GenAI moved from a ‘curiosity to a central force in enterprise technology almost overnight’. The company’s autonomous data security platform provides data discovery, classification, risk monitoring and remediation, and aims to use AI to fight back.
This time last year, in the UK, Deloitte was warning that beyond IT, organisations were focusing their GenAI deployments on parts of the business ‘uniquely critical to success in their industries’ – and things have only accelerated since then. Beyond that, Concentric AI notes how GenAI is changing the fundamental process for securing data in an organisation.
“The exposure to insider threat has increased substantially and, really, the exfiltration of that sensitive data, it’s no longer necessarily a proactive decision,” says Dave Matthews, senior solutions engineer EMEA at Concentric AI. “So, what we’re finding is users are making good use of AI-assisted applications, but they’re never quite understanding the risk of exposure, particularly through certain platforms, and their decisions on which platform to use.”
Sound familiar? If you’re having flashbacks to the early days of enterprise mobility and bring your own device (BYOD), you’re not alone. Yet as the whitepaper notes, it’s an even greater threat this time around. “The BYOD story shows that when convenience outruns governance, enterprises must adapt quickly,” the paper explains. “The difference this time is that GenAI doesn’t just expand the perimeter, it dissolves it.”
Concentric AI’s Semantic Intelligence platform aims to cure the headaches security leaders have. It uses context-aware AI to discover and categorise sensitive data, both across cloud and on-prem, and can enforce category-aware data loss protection (DLP) to prevent leakage to GenAI tools.
“A secure rollout of GenAI, really what we need to do is we need to make that usage visible, we need to make sure that we sanction the right tools… and that means enforcing category-aware DLP at the application layer, and also adopting an AI policy,” explains Matthews. “Have a profile, perhaps that aligns to NIST’s Cyber AI guidance, so that you’ve got policies, you’ve got logging, you’ve got governance that covers… not just the usage of the user or the data going in, but also the models that are being used.
“How are those models being used? How are those models being created and informed with the data that’s going in there as well?”
Concentric AI is participating at the Cyber Security & Cloud Expo in London on February 4-5, and Matthews will be speaking on how legacy DLP and governance tools have ‘failed to deliver on their promise.’
“This isn’t through a lack of effort,” he notes. “I don’t think anyone has been slacking on data security, but we’ve struggled to deliver successfully because we’re lacking the context.
“I’m going to share how you can use real context to fully operationalise your data security, and you can unlock that safe, scalable GenAI adoption as well,” Matthews adds. “I want people to know that with the right strategy, data security is achievable and, genuinely, with these new tools that are available to us, it can be transformative as well.”
Watch the full interview with Dave Matthews below:
Photo by Philipp Katzenberger on Unsplash