Finding the Value of GenAI: State of Generative AI Governance and Security

Over the past quarter Privacera conducted a survey to AI practitioners and decision makers to gain a deeper understanding of the current state of generative AI development in organizations and the challenges holding them back. While the hype around generative AI (GenAI) is undeniable, there seem to be mixed signals coming from the market relating to whether adoption or business value projections are real.  For example, McKinsey estimated mid-2023 that GenAI will add between $2Tn and 4Tn in economic value-add. This blog highlights some of the key observations and attempts to offer some key steps for organizations to consider as they map out their GenAI journey.

Value of Generative AI as a business value driver

It seems pretty obvious that generative AI (GenAI) is seen as holding promise for unlocking big business value – at least that is what the folks that approve massive spending on this topic hope. A recent study from IDC proposes that investments in AI Platforms will see a 5 year CAGR of around 51%. While our study did not dig into the market growth, our results indicate that organizations clearly expect a drastic improvement in worker productivity (80%) followed by efficiencies, cost reduction, and better decision making. 

It is early in the GenAI journey

That said, for all our talk about GenAI, most organizations are very early in the journey with some 42% of respondents indicating they are still in some form of experimentation phase. The good news is that less than 10% of folks have done nothing which differs sharply from a BCG study indicating some 40% of respondents have not taken any action on GenAI yet. The data also show that only 17% of folks have real productive applications using Generative AI that are driving value for them.  The rest are still in the middle ground of deploying non-sensitive or mission critical apps, building their architecture etc.

Importance of data security and governance for GenAI

While respondents suggested data quality, budgets, and skills lead the list of challenges organizations face with integrating GenAI into their processes and systems, the need for robust data security and governance was ranked as Essential/Extremely Essential by nearly 70% of respondents. Another interesting observation was that only less than 5% suggest it is not important.

How confident are organizations in their data governance, security posture, and technical capabilities?

We then asked a number of questions relating to the readiness of their GenAI policy guidelines and whether they have sufficient guardrails in place. The encouraging news is that nearly half of the respondents claimed to be proficient or very proficient at all these. But only less than 20% of respondents placed themselves in the top category (5 out of 5), which means there is still a lot of room to grow and improve.

Proposing a unified data security and governance future for analytics and AI

One of the more surprising insights related to how folks propose to solve the data security and governance issues. Most organizations have started out building completely separate tech stacks for GenAI versus their general analytical stacks. In our study nearly 80% of respondents indicated a desire to unify data security, access, privacy governance of GenAI and analytics into a single platform. We recently released a whitepaper on Rethinking the Modern Data Stack in the light of GenAI that expands on the original MDS thinking of Andreessen Horowitz. The transformation of data access and security governance from “coarse grained” to “fine grained” to “metadata driven controls” will continue to force the unification of these disciplines and strive for a much more inclusive and robust data governance framework and compliance controls across our entire data and AI estate.

Some practical guidelines for accelerating your GenAi journey

Over the last year we’ve had the opportunity to work with numerous organizations, big and small, as they go about their generative ai journey and we can share some of the learnings:

• Every project must target a measurable business outcome, with an executive sponsor or owner to help drive. It probably is stating the obvious, but if your project has no explicit tangible outcome (i.e. not aiming to solve anything specifically) chances are very good that you will reach your goal – sadly. Business outcomes and executive sponsorship focus attention and effort, plus you will know when you reach the goal.
• Build your strategic tech stack one agile project at a time. In other words, innovate and experiment, but build towards your strategic platform view with all its bells and whistles. It has to become a transversal platform and competency in your enterprise.
• Plan for a heterogeneous world. Many organizations we worked with started with a cloud provider and implemented the controls and guardrails in that specific technology. The challenge is that your future will be open and diverse, meaning your tech stack suddenly becomes more a walled garden than an enterprise enabling technology. Think multi-model, multi-cloud, multi-agent from day one.
• Design for security, safety, compliance, governance from day one. This is linked to the previous 2 points, but it is crucial to define your policies and build the guardrails from day one – even if your first app is not focused on sensitive data. Gartner (and others) suggest this is one of the top 3 reasons why projects stall before reaching production.
• Educate, experiment, educate, experiment. GenAI will touch every part of our work (and personal life). More importantly, it does not just only improve processes, but it reimagines them. GenAI is going to drive a next level consumerization of technology far beyond what we have seen with things like business intelligence, search or even SAAS applications.

Learn how Privacera can help you on your GenAI journey

For the past 10+ years Privacera has been at the forefront of the journey towards powering responsible and trusted use of data. Our founders were the original creators of Apache Ranger and Apache Atlas that became the foundation for security and access governance for Hadoop. 

Since Privacera’s founding, that journey continues to bring the same data security and access governance to the modern cloud.  Today, Privacera’s platform is used to solve the complex world of data security and access governance across the diverse hybrid cloud environments organizations are operating by providing a single pane of glass to manage and control fine grained permissions and accelerating data initiatives. 

Privacera recently launched PAIG (Privacera AI Governance) that brings that same level of control to GenAI apps and assistants to ensure your corporate security and privacy posture is not compromised when deploying GenAI on your company specific data. You can read the blog by Balaji Ganesan, CEO and Co-Founder of Privacera on the The evolution of access governance and the implications for GenAI. 

As you are considering your own journey, we invite you to also read our whitepaper on Using GenAI to Safely Disrupt Your Industry.