How to Achieve and Maintain a Unified Data Security Program

Note to the reader: This article was originally published on Forbes on Feb 1, 2024.

Transforming extensive data collections into valuable insights for decision-making is crucial for organizations across various sectors and sizes. Ensuring data security has never been more essential, given the rapid advancement and disruption caused by artificial intelligence and generative AI in services, experiences, and products. As the CEO of a data security platform, I see the critical need for companies to adopt a comprehensive approach to data security governance to protect sensitive information effectively.

Challenges in AI and Data Security Landscape

Navigating through the complexities of AI and data security presents significant hurdles. In a survey conducted by my company, Privacera, in October 2023, which included 250 U.S.-based chief information officers, chief information security officers, chief data officers, and AI leaders, we discovered that while 98% of organizations emphasize the need for a uniform security and governance strategy, 64% still employ various security solutions for different tasks.

The practice of utilizing multiple security tools tailored to specific needs often results in the manual establishment of controls for each data service. This approach can create inconsistency, reduce overall visibility, and introduce vulnerabilities into an organization’s security framework. These findings underscore the importance of implementing an integrated data security model.

Protecting AI-Powered Data Applications

As generative AI (GenAI) technologies become increasingly prevalent, they bring with them heightened risks of data breaches, intellectual property theft, misuse of models, and violations of regulatory standards, potentially resulting in substantial penalties.

In our investigation, 49% of the participants expressed concerns over vulnerabilities linked to AI usage, 39% worried about misuse and data bias, and 37% feared losing customer trust due to the adoption of GenAI. A separate study by Gartner revealed that 57% of its respondents were worried about the possibility of AI-generated code revealing sensitive information, and 58% were apprehensive about inaccurate or biased AI outputs. Implementing a cohesive strategy is crucial for the effective protection of technological investments.

Moreover, embracing multi-cloud strategies, which involve leveraging services from more than one cloud provider, is becoming commonplace in the development of new offerings. This also extends to the deployment of various GenAI models, necessitating a comprehensive data security governance approach that ensures the security of data and AI models across all storage and operational environments.

The application of AI technologies must account for the protection of not just structured data that fuels AI models but also vast quantities of semi-structured and fully unstructured data.

Furthermore, although we are in the early stages of GenAI’s evolution, it is abundantly clear that prioritizing AI safety and security is essential for organizations aiming to derive long-term value. This necessity is underscored by the recent White House Executive Order on AI in October, signaling that immediate action is necessary not only to safeguard sensitive information but also to stay ahead of forthcoming regulatory requirements.

Crafting a Cohesive Security Framework

Establishing a cohesive strategy for data security governance is pivotal for effectively managing controls across forthcoming AI applications, which will be developed using a mix of data types and cloud-based resources. Here are essential elements to consider when formulating your own comprehensive data security plan:

Integrate Data Strategy with Business Objectives

The importance of GenAI in executive discussions is undeniable. However, there’s a common oversight in concentrating solely on the adoption of technology and its fundamental processes, neglecting the technology’s role in driving business results. Studies, such as the Data and AI Leadership Annual Survey 2024 by New Vantage Partners, highlight a significant gap between aspirations and practical achievements.

It’s crucial for all key players—such as CEO, Chief information Officer (CIO), Chief Data Officer (CDO), Chief Information Security Officer (CISO)—to collaborate in setting and achieving desired outcomes. Bridging your business and data strategies begins by aligning them with appropriate goals and key performance indicators. Success should not be measured by speed of AI adoption or other new technologies but by achieving business-centric KPIs, like enhancing customer satisfaction. This may involve rethinking the reporting structure for the CDO, who might be better positioned reporting to a business-focused role, such as the Chief Operating Officer (COO) or CEO, rather than the CIO.

Cover All Data in Your Security Measures

Your approach to data security should encompass all data types, from standard analytics to complex constructs like large language models, vector databases, and embeddings. Regulations like General Data Protection Regulation (GDPR), applicable to conventional reports or dashboards, should also extend to applications of GenAI. It is imperative to safeguard personally identifiable information (PII) across all user-interaction points.

A notable challenge is the advent of GenAI, prompting involvement from legal, privacy, and security experts; yet, the broader data landscape may remain vulnerable or overly restricted, hampering optimal business performance. Utilizing GenAI as a springboard, leaders should strive for a holistic data security and governance framework.

Transition from Policy Training to Implementing Policy as Code

The introduction of GenAI into strategic discussions often leads to the formation of committees tasked with drafting security policies. However, training individuals to adhere to these policies, while beneficial, is insufficient on its own, as a single misstep, such as falling for a phishing scam, can undermine security efforts.

Providing teams with insights into potential risks associated with AI and other data types is a crucial first step towards fostering responsible AI and data. Employing tools that enforce uniform controls, regardless of data usage location, is equally important. Embracing data security automation and establishing systematic AI security measures will enhance the consistency and effectiveness of your enterprise-wide security strategy.

See what unified data security and AI governance can do for your organization. Request your Privacera AI Governance (PAIG) demo and consultation today.