The path for users to AI is very short; entry is gentle, easy and often free of charge. And that has massive consequences in the form of shadow IT, which should be familiar to companies from the early stages of the cloud.
The potential of generative AI has sparked a real gold rush that no one wants to miss. This is shown by a study by Censuswide on behalf of Cohesity, a global provider of AI-powered data management and security. 86 percent of 903 companies surveyed are already using generative AI technologies.
Avoid loss of control
In the past, public cloud services have sparked a gold rush, with employees uploading company data to external services with just a few clicks. IT has temporarily lost control of company data and has had to accept risks in terms of protection and compliance. The birth of shadow IT.
Respondents now expect something similar with AI, as the survey shows. Compliance and data protection risks are cited as the biggest concerns by 34 and 31 percent respectively. 30 percent of company representatives fear that the AI could also spit out inaccurate or false results. After all, most users don’t yet know how to optimally interact with the AI engines. And last but not least, the generative AI solutions are still new and not all of them are yet fully developed.
The media has often reported on companies that have had this experience. In April 2023, engineers at Samsung uploaded company secrets to ChatGPT, making them the learning material of a global AI - the worst case from a compliance and intellectual property perspective.
Since the innovation cycles in AI are extremely short, the range of new approaches, concepts and solutions is exploding. The security and IT teams find it extremely difficult to keep up with this pace and put the respective offers through their paces. Often they are not even involved because, like the cloud, a business unit has long been using a service - after shadow IT, shadow AI is now emerging and with it an enormous loss of control.
Make people aware of dangers
At the same time, new forms of possible misuse of AI are becoming known. Researchers at Cornell University in the USA and the Technion Institute in Israel have developed Morris II, a computer worm that spreads autonomously in the ecosystem of public AI assistants. The researchers managed to teach the worm algorithms to bypass the security measures of three prominent AI models: Gemini Pro from Google, GPT 4.0 from OpenAI and LLaVA. The worm also managed to extract sensitive data such as names, phone numbers and credit card details.
The researchers share their results with operators so that the gaps can be closed and security measures can be improved. But here a new open flank is clearly emerging on the cyber battlefield where hackers and providers have been fighting each other with malware, spam and ransomware for decades.
Speed yes, hectic no
IT teams will not be able to turn back the clock and keep AI out of corporate networks. Therefore, bans are usually not an appropriate approach. But IT cannot and should not be tempted to rush and make quick decisions, but rather regain control over its data and the AI.
Vendor-driven AI approaches like Cohesity Gaia are often, by definition, tied to their own environment and reveal how they work. This allows IT teams to accurately assess the risk and rule out possible external data sharing. The AI is self-contained and can be introduced in a controlled manner. IT teams can also be very selective about which internal systems and data sources the AI modules actively examine. You can start with a small cluster and introduce AI in a highly controlled manner.
The underlying Cohesity Data Cloud uses granular role-based access controls and a zero trust approach to ensure only authorized users and models have access to the data. In this way, AI models that have already been introduced can be tamed by third parties by specifying exactly which data these models are allowed to access. A decisive advantage for slowing down the uncontrolled dynamics of AI, because data flows can be precisely controlled, sensitive information protected and legal requirements adhered to.
More at Cohesity.com
About Cohesity Cohesity greatly simplifies data management. The solution makes it easier to secure, manage and create value from data - across the data center, edge and cloud. We offer a full suite of services consolidated on a multi-cloud data platform: data backup and recovery, disaster recovery, file and object services, development / testing, and data compliance, security and analytics. This reduces the complexity and avoids the fragmentation of the mass data. Cohesity can be provided as a service, as a self-managed solution, and through Cohesity partners.
Matching articles on the topic