
Insights from the C-Suite: Securing Data in a Generative AI World 

BY SPIRION
June 25, 2024

In a recent webinar, experts from various fields shared their perspectives on how to secure data in a world increasingly dominated by generative AI. This discussion featured insights from a CEO, CISO, CIO, and CTO, providing a comprehensive look at the challenges and strategies involved in data security within this evolving landscape. Let’s dive into the key points of each expert:   

The CEO Perspective: Raffaele Mautone, Judy Security  

Mautone emphasized the strategic importance of maintaining control over AI initiatives. He advocates for a balanced approach that involves risk-taking and robust governance. Mautone highlighted the necessity of integrating AI within the organization’s infrastructure to minimize exposure to external threats. By keeping AI development in-house, companies can better manage security protocols and ensure data privacy. This approach aligns with Judy Security’s mission to leverage AI for enhanced customer security while maintaining stringent control over data.  

Key Points:  

  • Importance of collaboration with technologists within the company.  
  • Ensuring security and IT teams are involved in enabling AI initiatives.  
  • Continuous evaluation and adaptation of AI governance to incorporate new technologies and strategies.  

Quotes:  

  • “Lead with your technologist within the company and make sure that they are helping you from a security team or an IT team to enable whatever AI you may want in your company.”  
  • “It’s never too late to set AI governance. Analyze it on a quarterly basis as a governance group.”  

The CIO Perspective: Christina Shannon, KiK Consumer Products  

Shannon provided a pragmatic approach to AI security. She discussed the importance of embedding security controls from the outset, advocating for a “security by design” philosophy. Shannon emphasized that while there is a natural inclination to halt new technologies due to security concerns, it is more effective to implement guardrails that enable safe innovation. This involves classifying data, establishing governance frameworks, and ensuring that AI applications do not retain sensitive information longer than necessary. Shannon’s insights reflect a commitment to enabling business needs while maintaining robust security measures.  

Key Points:

  • Emphasizes the importance of data minimization and treating unnecessary data as “toxic waste.”  
  • Advocates for proactive incident response and data breach prevention strategies.  
  • Encourages maintaining clean data and focusing on minimizing the data risk landscape to reduce the impact of potential breaches.  

Quotes:  

  • “I used to ask everybody if they cared about data classification. Now I proclaim that data governance and data quality ARE data security. It’s one of the most important challenges your organization faces.”
  • “If you don’t need the data, it’s toxic waste. It’ll harm you if it spills. It’ll harm you if it spreads its toxicity across your environment.”

The CTO Perspective: Rob Server, Spirion  

As CTO of Spirion, Server highlighted the role of AI within the broader context of people, processes, and technology. Server underscored the importance of understanding data through accurate classification and enrichment as a foundational step in any AI initiative. This ensures that security measures are targeted and effective. He also discussed the necessity of proactively managing data before it enters AI models, through methods such as pseudonymization and cleansing. Server’s approach aligns with a holistic view of data governance, integrating security seamlessly into business operations.  

Key Points:  

  • Stresses the importance of starting AI initiatives without waiting for the perfect secure solution.  
  • Promotes security by design, ensuring that security measures are integrated from the beginning.  
  • Highlights the need for robust data classification and access control mechanisms before launching AI capabilities.  

Quotes:  

  • “With GenAI, always be thinking, who owns the data after you put it into the model? How do you get the model out? How do you forget about that data if you receive a right to be forgotten request?”
  • “Ask yourself what data is being used to program those models? What benefit will result, and is it necessary? That’s a future data breach you could prevent.”

The CISO Perspective: Steve ‘Stitch’ Hindle, Achilles Shield  

Hindle, a seasoned CISO, provided insights into the technological challenges and solutions in securing data in a generative AI world. He addressed the risks associated with prompt injections and data poisoning, emphasizing the need for accurate data discovery and classification. Hindle stressed that effective data governance starts with a deep understanding of the data landscape, which enables the implementation of robust guardrails. His perspective reflects Spirion’s mission to protect sensitive information through advanced data governance solutions, ensuring that AI advancements do not compromise security.

Key Points:  

  • Emphasizes the importance of combining people, processes, and technology in securing AI initiatives.  
  • Warns against relying solely on technology and highlights the need for comprehensive controls and understanding of data flow.  
  • Advocates for wrapping controls around systems to prevent data breaches and ensuring proper data management.  

Quotes:  

  • “Don’t rely on just the technology. It’s people, process, and technology.”  
  • “Organizations tend to forget that data is the lifeblood of their organization. We can’t just assume it’s safe.”

Summary: A Unified Approach to AI Security  

The insights from these industry leaders highlight a unified approach to securing data in the age of generative AI. By balancing innovation with robust security measures, organizations can harness the power of AI while safeguarding sensitive information. This approach requires strategic vision, proactive data management, and an unwavering commitment to security.  

For more information, read the blog offering key points and insights shared during this webinar.