Ensuring AI comes out of the shadows

Whilst companies are right to encourage their teams to find innovative usages of generative artificial intelligence (GenAI) to streamline workflows, many employees are using the technology in ways that are not being sanctioned by their employers. It is a phenomenon called shadow AI and is a growing concern.

It is a problem that is not going to go away any time soon. A recent study from Deloitte found that only just under a quarter (23 percent) of those who have used GenAI at work believe their manager would approve of how they’ve used it. This is not the time for them to take chances. After all, the unsanctioned use of AI could put an organisation in serious legal, financial, or reputational risk.

The risks associated with employees placing sensitive data into GenAI tools is real. Nearly one-third of employees in a survey completed late last year admitted to placing sensitive data into public GenAI tools. Unsurprisingly, 39 percent of respondents in the same study cited the potential leak of sensitive data as a top risk to their organisation’s use of public GenAI tools.

A step change in adoption

The step change with AI adoption happened with the launch of ChatGPT. From that point forth it wasn’t just a tool for technologists, but a tool for all. It was a collective aha moment. Now, the technology has become almost as ubiquitous in our everyday lives as brushing our teeth in the morning. 

Use of GenAI is growing incredibly fast. In the past 12 months, we have seen organisations across nearly every industry deriving business value from it. In fact, in a recent McKinsey Global Survey, two-thirds (65 percent) of respondents reported that their organisations are now regularly using the technology, nearly double the percentage ten months previous. Respondents’ expectations for GenAI’s impact were highly positive, with three-quarters predicting that it would lead to significant or disruptive change in their industries in the years ahead.

The need to apply zero trust principles

Most of the enterprise GenAI solutions being built are being designed to leverage already available data. It is, after all, the lowest hanging fruit. These solutions are typically centred around customer service because that is where the data is. 

However, with much of this data being sensitive in nature it is important that organisations take no chances. It is time for a shift in thinking. It is time to look at GenAI solutions as a machine that moves data. The top priority, therefore, should be how the data is being controlled both going into the system and when it comes out the other side. 

Businesses need to apply zero trust principles into this data later. A zero trust model operates on the principle of maintaining rigorous verification, never assuming trust, but rather confirming every access attempt and transaction. This shift away from implicit trust is crucial. By embedding zero trust principles throughout generative architectures would offer a proactive path to enabling accountability, safety, and control.

The democratisation of data leverage

Part of the issue we are seeing with GenAI is that the technology has thus far outpaced the need to secure it. Whilst some organisations are cognisant of the risks, the knowledge has not yet percolated out. In many ways, AI has been the democratisation of data leverage. Before GenAI, a business had to have technology sitting in front of a database to get to the data held within. Plus, you needed to understand how to use it. Now, the only barriers to leveraging data is whether you know the alphabet and how to copy and paste. The offshoot of this is that the likelihood of this data going outside of the business markedly increases.

It comes back to the people within the organisation. A business can take steps to secure technology, it can take steps to secure the data, but there are always human beings in the loop. Training and education help, but we as a species remain incredibly flawed. 

As long as GenAI is a tool that staff can use to help them reach their goals they will take advantage of it. Whether you want them to or not. Because of this, people will always remain the most open vector to data leakage.

Shining a light on the problem

The use of AI, whether in or out of the shadows is not going to go away. And nor should it. AI is great for automating tasks, handling big data, facilitate decision-making, reducing human error, and further our understanding of the world around us. However, education of best practices and how to responsibly use AI is needed.

Least privilege access, always on monitoring, and never trust, always verify have been in place at the technology layer for some time. Now, though, it is important to bring these principles down to the data itself. Thankfully, help is at hand. With a Private Content Network, organisations can protect their sensitive content more effectively in this era or AI. The best examples of the technology provide content-defined zero trust controls, featuring least-privilege access defined at the content layer and next-gen DRM capabilities that block downloads from AI ingestion. They also themselves employ AI to detect anomalous activity – for example, sudden spikes in access, edits, sends, and shares of sensitive content. This will help shine a light on any unsanctioned activity going on in the shadows so that a business can remain compliant. 

Tim Freestone

Tim Freestone joined Kiteworks in 2021 and brings over 15 years of experience in marketing and marketing leadership, including demand generation, brand strategy, and process and organisational optimisation. Tim was previously Vice President of Marketing at Contrast Security, a scale-up application security company. Before Contrast, Tim was the Vice President of Corporate Marketing at Fortinet, a multi-billion-dollar, next-generation firewall and cloud security company. Tim holds a Bachelor’s degree in Political Science and Communication Studies from The University of Montana.

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...

Custom Software Development

Natalia Yanchii • 03rd October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

Six ways to maintain compliance and remain secure

Patrick Spencer VP at Kiteworks • 16th September 2024

With approximately 3.4 billion malicious emails circulating daily, it is crucial for organisations to implement strong safeguards to protect against phishing and business email compromise (BEC) attacks. It is a problem that is not going to go away. In fact, email phishing scams continue to rise, with news of Screwfix customers being targeted breaking at...

Enriching the Edge-Cloud Continuum with eLxr

Jeff Reser • 12th September 2024

At the global Debian conference this summer, the eLxr Project was launched, delivering the first release of a Debian derivative that inherits the intelligent edge capabilities of Debian, with plans to expand these for a streamlined edge-to-cloud deployment approach. eLxr is an open source, enterprise-grade Linux distribution that addresses the unique challenges of near-edge networks...
The Digital Transformation Expo is coming to London on October 2-3. Register now!