According to experts, there are strategic frameworks to form safeguards around data usage. For instance, enterprises must have a centralised data governance policy that dictates how data is being stored, accessed, and processors.

Organisations can leverage privacy-enhancing technologies such as synthetic data, differential privacy, and federated learning to maximise AI capabilities without risking a privacy breach. Companies should consistently adhere to rules and regulations when it comes to the deployment of shadow AI. For instance, they must have crossfunctional teams responsible for specific use cases and would run due diligence its review and approval.

AI-powered monitoring tools that detect signs of non-compliant AI usage are also available and take appropriate actions. Use of Generative AI is increasing and we see more organisations adopting it. This calls for balancing accessing data and complying with privacy laws and regulations. To ensure compliance, one must set clear data rules dictating how the data will be classified, control access, and monitor how AI interacts with the same.

Different countries may implement different privacy laws. For instance, the Personal Data Protection Law, PDPL from UAE, the PDPL from Saudi Arabia, and GDPR for global standards are a few that the companies must align when it comes to AI usage ensuring they remain compliant to avoid attracting hefty fines or legal repercussions. There is a need to ensure shadow AI undergoes automated security checks, and reviews from governance teams, and abides by internal AI usage policies.

Shadow AI is an expected and natural consequence of Generative AI adoption in enterprises. While it fosters innovation and agility by enabling teams to experiment with AI-driven solutions, it also introduces significant risks, including data security vulnerabilities, compliance breaches, and inconsistent data usage. To mitigate these risks, enterprises must proactively establish governance frameworks, educate employees on responsible AI use, and provide approved tools that balance innovation with control. By doing so, organisations can harness the transformative potential of Generative AI while minimising the risks associated with shadow AI.

Organisations need to manage their data infrastructure with a dual focus on availability and security. A unified and intelligent data management system is essential.

Such a system would seamlessly integrate data from diverse sources, on-premises systems, cloud environments, and edge devices while maintaining strict control over data privacy and compliance requirements. By classifying and categorising data, organisations can ensure that Generative AI models only access relevant and authorised information, eliminating the risk of accidental exposure of sensitive data.

One of the challenges organisations face is making data accessible to AI-driven applications while ensuring protection against security threats and strict adherence to data privacy and compliance policies. Striking this balance is critical and enterprises must equip AI systems with the necessary data without violating compliance regulations or exposing sensitive information to undue risk.

Data sovereignty further complicates compliance, especially for organisations operating across multiple geographies.

WALID ISSA, SENIOR MANAGER, SOLUTIONS ENGINEERING, MIDDLE

EAST AND AFRICA, NETAPP

Intelligent CIO Middle East Issue 114 | Page 33

According to experts, there are strategic frameworks to form safeguards around data usage. For instance, enterprises must have a centralised data governance policy that dictates how data is being stored, accessed, and processors.