Advancements in Artificial Intelligence (AI) and Machine Learning (ML) have lowered the barrier to entry for non-security users to independently develop and manage their own data products. When this is decentralised to enable separate cross-domain data analysis, it is known as ‘data mesh’. As enterprises are typically built on both structured and unstructured data, if the models to which these users add unstructured data aren’t trained and governed properly, the users risk compromising desired outcomes and the organisation’s security.
Over half of organisations anticipate incorporating AI within the next two years, with 40% planning to boost their overall AI investments due to advancements in generative AI. Ensuring security is pivotal for the success of AI, yet it remains a significant obstacle.
Data security stands out as the top risk that organisations aim to address, and unless a solution is found, the widespread adoption of AI tools in the enterprise may come to a standstill. 80% of data leaders’ top priorities are data-security-related initiatives – such as implementing stronger data governance and security controls and modernising data architectures with new concepts like data mesh – while only 20% believe integrating AI into business processes will be a top priority.
Generative AI opens doors to greater security risks
AI and large language models (LLMs) pose various security and privacy challenges, such as the issue of training data. Given that AI models often rely on extensive training datasets and ongoing refinement, preventing poisoning—wherein proprietary or public training data is intentionally manipulated or tampered with to influence a model—can be a formidable task.
Businesses face many risks when implementing AI: biased decision-making, inaccurate recommendations, misinterpretation of outliers, privacy concerns, legal and ethical issues, and trust-related challenges, to name just a few. Organisations must implement a governance strategy and deploy effective data security tools specifically designed for AI to ensure these technologies are used responsibly without causing damage.
Enabling access to AI tools
The democratisation of AI has greatly reduced the requirements needed to implement it successfully within an organisation. With the reduced entry barrier for developing and managing data products, especially in non-security aspects, the central IT team experiences less pressure. This alleviation helps prevent the creation of bottlenecks that could otherwise significantly impede the progress of advanced analytics and AI initiatives.
AI can create substantial impact in two key areas: data discovery, involving the identification and classification of sensitive data, and data fusion, which entails linking information across diverse systems and classifications. AI has the potential to significantly streamline both processes.
The challenge at hand has prompted consideration of data mesh as a potential solution, although scepticism regarding its viability and necessity persists. However, the current surge in AI interest has revitalised the conversation, emphasising the potential role data mesh can play.
AI and ML applications demand substantial amounts of data, and suboptimal outcomes may arise from incomplete or inaccurate data inputs. It seems impractical to expect the central IT team to give all of this data the attention and care that are essential for ensuring optimal performance of AI models.
In contrast, data mesh empowers individual departments and business users with the expertise in specific data domains to oversee data-related care and decision-making. It establishes a self-organising mesh where different business groups collaborate to define their data requirements, agree on data sharing protocols, and align on optimal ways to utilise the data.
This decentralised approach facilitates swift data access, enhances data quality, and aligns data solutions more effectively with business objectives.
However, misconceptions about data mesh persist. It is not a ready-made solution but demands a coordinated effort involving people, processes, and technology. The decentralised structure inherent in data mesh architectures results in a proliferation of data access policies. Scaling the traditional role-based access control model for each data product without enterprise-level governance oversight introduces considerable complexities. A robust and well-organised data governance foundation becomes imperative to support both AI initiatives and cloud migration.
Addressing security risks posed by AI
With AI and ML tools expanding the use of unstructured data in an environment traditionally built on structured data, the risk of compromising the organisation’s security is significantly higher, particularly when the AI and ML models are neither trained nor governed properly.
In order to fully realise the benefits of AI and ML, businesses must consider the following four points when implementing them:
- What data is being used to train the LLM?
- How is the LLM being trained?
- What controls exist on deployed LLMs?
- How can the veracity of outputs be assessed?
These four interlinked processes are all crucial phases of the data security lifecycle and must be considered if a business wants to discover sensitive data, detect how it is being utilised, secure access for the users and purposes that need it, and monitor how controls are protecting sensitive information.
Assessing the veracity of outputs, if not given the necessary consideration from the outset, can result in the spread of damaging misinformation. Access controls play a pivotal role in meeting this challenge, offering capabilities to establish the intended scope of the model and restricting activities that exceed the defined boundaries.
Establishing a culture of data security
With the adoption of AI and ML tools increasing more quickly than ever, organisations must foster a culture shift that ensures data access control and governance are distributed across all teams within the organisation via the implementation of a data mesh approach.
With proper governance and regulation against the potential security risks of using these tools, businesses can ensure the responsible use of these technologies for their own benefit.