CISOs Facing a Balancing Act of GenAI Benefits and Security

Andy fortanix
Andy Buckland
Published:Aug 5, 2024
Reading Time:3mins
GenAI Benefits and Security

With data at the heart of business strategy, insights across all aspects of business operations, employee productivity, the customer lifecycle and market performance, support critical decision making.

However, it is recognized up to 75% [source] of company data is underutilized. Or distributed across a complex IT landscape, disabling the ability to effectively analyze and drive outcomes.

Regardless of industry, and company size, GenAI presents organizations with an unprecedented opportunity to enhance or create new business outcomes at a speed and scale previously unavailable.

Where AI can drive business outcomes

  • Enhance user experience, with seamless omnichannel, real time personalization or predictive service to reduce churn
  • Drive revenue growth by identifying new markets, accelerating product adoption or improving margins with optimized market pricing
  • Reduce operating costs with automation and improved efficiencies, or
  • Accelerate time to market through the rapid creation of new and differentiated products for competitive advantage

Organizations are racing to realize the economic value of GenAI.Analysts predict this is in the trillions of dollars of incremental value in revenue and shareholder value.

Yet organizations need trusted data to drive business insights, strategic initiatives, and performance outcomes.

Security for AI

The concern of adding all this company data into a GenAI model amplifies existing data security concerns when considering the safeguarding and privacy of data; while it introduces new threats to enterprise data security:

  • Is the code secure, or is it giving hackers easy access to data?
  • Are Employees sharing confidential information through Shadow AI?
  • What happens if the Gen AI model is stolen?
  • Can the prompt response be manipulated?
  • Are the data sets a true representation for accurate responses?
  • Can the training data be poisoned, providing hallucinations?

All of these create new threats that the security team must mitigate, if the business is to unlock the benefits GenAI promises. While the legal teams will be concerned with ethical outputs, rights management and IP protection, which can all impact revenue opportunity and reputation, the CISO must ensure the GenAI models and the data lifecycle is secure.

We are still in the embryonic stage of GenAI adoption, and we are already seeing these threats today. The 2023 Gartner AI in the Enterprise Survey identified nearly 30% of companies using Generative AI have already had security breaches, compromising data through internal or external parties, and from a malicious attack on the AI infrastructure itself.

Software companies are seeing an increase in costs from the rise in data centre power required to run the systems. Meanwhile, organizations are warned that “to unlock GenAI’s full potential, a data management strategy coupled with modern infrastructure” [source] is essential.

A thorough control of data storage, access and usage, in real-time, through a consolidated data infrastructure is the only way to avoid multiple versions of the same data, and to be able to explore the best use of GenAI use cases.

Getting the balance right

This is a challenging balancing act for the CISO and team. If organizations focus too heavily on the business outcomes and perceived value of utilising GenAI, it compromises the sole asset that makes these benefits possible – the data.

However, over rotating to data security makes it impossible to realise the value of GenAI when reducing analytical capacity, hampering innovation with regulation red tape.

So, the big questions are, how do you do this? How do you get the balance right? How do you extract positive business outcomes while protecting the enterprise's most valuable asset, the data?

To mitigate both the existing and new threats, companies need to consider what a future proof end-to-end cybersecurity model should look like. The model would of course need to mitigate all the existing data security challenges faced today. It would need to secure all the new threat vectors introduced by GenAI, but also, the agility to provide future proof data security by being post quantum ready. All secured within trusted, confidential computing, secure enclaves.

Securing the data lifecycle

But the real challenge isn’t to secure the GenAI model – It’s to ensure the organization has a complete end to end data security lifecycle solution:

  • To protect the data  before it is even ingested into the Generative AI model
  • To secure the data assets whilst being used in the Gen AI model
  • But most importantly the data output is completely secured, as it is this new data that will drive the business outcomes and create true value

If the data lifecycle isn’t secure, this becomes a business-critical exposure

And that’s why at Fortanix, we believe in a data-first security strategy, underpinned by Confidential Computing, enabling organisations to safely and securely leverage business and operational benefits. We deliver the trust and security demanded, across every stage of the data lifecycle - for today, and into the future, with a PQC ready approach.

Share this post: