EDITOR ’ S QUESTION
JONATHAN MEPSTED , VP MIDDLE EAST AND
AFRICA , NETSKOPE
GenAI presents a major data protection challenge because employees share data and files through these applications and services as part of their prompts and questions . The vast majority of organisations currently do not have effective visibility over what is GenAI in use , or what data is being exfiltrated via these applications .
This means companies could be giving away data that trains systems that can be used to benefit competitors , or even contravene important legislation around data protection such as GDPR .
Blocking the better known GenAI simply leads to shadow AI , the unapproved use of these applications , or drives employees to less trustworthy AI tools .
CISOs need visibility of the AI applications in use , and understanding of the models being used , the data being shared , and the outputs that AI tools are producing . This enables an understanding of whether any sensitive data is at risk of being compromised and enables the implementation of comprehensive data loss prevention controls .
CISOs should also take an active role in evaluating the applications used by employees , restricting access to those that do not align with business needs or pose an undue risk , but being supportive of those where the risks have been evaluated and deemed acceptable . that are triggered when an employee tries to use a GenAI app , and messages can be tailored to an organisation ’ s security policy , explaining blocking decisions , encouraging the use of other approved applications , or reminding employees to consider data protection responsibilities .
This approach catches employees just-in-time before they share potentially sensitive data and is a way to safely enable employees to use the tools that have already become a part of their daily life .
CISOs need visibility of the AI applications in use , understanding of the models being used , data being shared , and outputs that AI tools are producing .
Organisations should start by developing clear policies and standards with enough granularity to be able to support the secure use of GenAI .
The need to keep a continuous inventory of which applications and services are being used by employees , for what purpose , and what data is being used by said applications .
The best way to support employees to make secure and compliant choices when using GenAI is to introduce technology that enables constant , real-time coaching . This takes the form of pop-up messages
In addition , organisations should make sure they are in alignment with the many new AI risk frameworks that have cropped up in the past year or more to make sure they ’ re up to date in terms of best practice .
www . intelligentcio . com INTELLIGENTCIO MIDDLE EAST 33