Almost two decades ago, Clive Humby coined the now-infamous phrase “data is the new oil”. With artificial intelligence (AI), we’ve got the new internal combustion engine. The discourse around AI has reached a fever pitch, but this ‘age of AI’ we have entered is just a chapter in a story that’s been going on for years – digital transformation.
The AI hype gripping every industry right now is understandable. The potential is big, exciting, and revolutionary, but before we run off and start our engines, organizations need to put processes in place to power data resilience and ensure their data is available, accurate, protected, and intelligent so that their business continues to run no matter what happens. Look after your data, and it will look after you.
Take control before shadow sprawl does
It’s far easier to manage with training and controls early on when it comes to something so pervasive and ever-changing as a company’s data. You don’t want to be left trying to ‘unbake the cake.’ The time to start is now. The latest McKinsey Global Survey on AI found that 65% of respondents reported that their organization regularly uses Gen AI (double from just ten months before). But the stat that should give IT and security leaders pause is that nearly half of the respondents said they are ‘heavily customizing’ or developing their own models.
This is a new wave of ‘shadow IT’ – unsanctioned or unknown use of software, or systems across an organization. For a large enterprise, keeping track of the tools teams across various business units might be using is already a challenge. Departments or even individuals building or adapting large language models (LLMs) will make it even harder to manage and track data movement and risk across the organization. The fact is, it’s almost impossible to have complete control over this, but putting processes and training in place around data stewardship, data privacy, and IP will help. If nothing else, having these measures in place makes the company’s position far more defendable if anything goes wrong.
Managing the risk
It’s not about being the progress police. AI is a great tool that organizations and departments will get enormous value out of. But as it quickly becomes part of the tech stack, it’s vital to ensure these fall within the rest of the business’s data governance and protection principles. For most AI tools, it’s about mitigating the operational risk of the data that flows through them. Broadly speaking, there are three main risk factors: security (what if an outside party accesses or steals the data?), availability (what if we lose access to the data, even temporarily?), and accuracy (what if what we’re working from is wrong?).
This is where data resilience is crucial. As AI tools become integral to your tech stack, you need to ensure visibility, governance, and protection across your entire ‘data landscape’. It comes back to the relatively old-school CIA triad – maintaining confidentiality, integrity, and availability of your data. Rampant or uncontrolled use of AI models across a business could create gaps. Data resilience is already a priority in most areas of an organization, and LLMs and other AI tools need to be covered. Across the business, you need to understand your business-critical data and where it lives. Companies might have good data governance and resilience now, but if adequate training isn’t put in place, uncontrolled use of AI could cause issues. What’s worse, is you might not even know about them.