Published 23 January 2024

Generative AI – Is it a part of your security strategy?

Generative AI – Is it a part of your security strategy?

I dare to believe that you, who are reading this, have come a long way on your company's digitization journey, a journey in its modern form that began for many organizations during the pandemic but also before. It is a long journey with many different stops, where you pick up different components to be a workplace that includes your users' wishes. It is also a journey that is constantly changing and this, among other things, through AI, and that also places demands on your security strategy.

What does Generative AI mean?

It is a type of artificial intelligence that can create digital content. It is an overarching term for processes that produce data usually in the form of images or text for us to read. Some of these models/programs within Generative AI are Chat GPT and Dall-E. Through machine learning, Generative AI can process large amounts of text and images.

Interview with Joacim Häll, CTO at Infozone

I did a short interview with Joacim Häll who works as CTO at Infozone to get some answers on how he thinks companies should work when their users want Generative AI and this then connected to the security aspect.

What are the risks for business users of using different models for Generative AI?

There are risks with the information you share via the applications such as Chat GPT because it collects and generates data linked to history. It soaks up all the information it can and of course there are risks involved. If you don’t have a well-applied policy for your users regarding privacy, this can be a big risk. One of the major risks is SHADOW IT; when services and information channels appear from the users that the IT department is not aware of.

What do companies have to have in consideration when, for example, people in my role who work in marketing wants to install apps like Chat GPT?

Companies needs to look at tools that protect the spread of information and there are very good tools for this today. If employees want to download applications that make their work easier, then be a company at the forefront that has clear security policies and work with good tools.

What is most important for the IT security manager to think about when it comes to applications within, for example, Generative AI?

Once again, information dissemination and security holes! AI can generate new web applications that are great, but they might also come with security holes that can open up the entire company to cyber attacks, and you have to be aware of this. This by setting up security policies and constantly working with them.

Alot of companies prohibit the implementation of applications/models regarding Generative AI, because of risks to data security and privacy. But we believe that you should review your security policies and follow the AI train based on opportunities and requests from your users, as many of the solutions can increase your efficiency at the company. BUT with great caution and make sure you have a stable security foundation. If you want to look over your security policy together and want advice to increase your efficiency, then don’t hesitate to book a workshop with us.

Eva-Katrine Persson, Marketing Manager at Infozone