4 ways CISOs can manage AI use in the enterprise
But conversely, trying to prohibit the use of and blocking of AI at the firewall would be akin to being considered a Luddite from the Stone Age – you simply cannot prevent access to AI and be a player in the 21st century.
So, simply blocking LLM access is not the right answer. As some executives suggested, it would benefit the enterprise more to monitor the AI traffic at an aggregate (not employee-specific) level to understand the risks of public LLM usage. With that knowledge and training, policies can be better optimized to protect the organization while providing the advantages provided by AI.
Government oversight
All the recent innovation has certainly caught the U.S. government’s attention. And that’s why in October, the White House issued its guidelines on regulating AI in government agencies. The Executive Order calls for AI governance to move forward with urgency, with calls to start implementation in 90 days to a full year. While new laws around AI are likely still far off, I think it’s the right move for federal agencies to start shaping AI regulation for the broader market.
There is a solid argument that regulation will stifle innovation, particularly in this early phase of AI development. But, as any observer can see, it takes the government a long time to pass any laws relating to industry regulation so it’s time to get people talking and thinking about it now. AI is evolving faster than any tech wave we have seen in the past.
4 focus areas for CISOs
As a corporate CISO, it’s your responsibility to help manage the safe use of generative AI within your organization to protect your company. Here are four steps to take now as the industry, technologies, and regulations evolve.
1) Training, policy & process
Today, the most practical thing everyone can do is undergo AI training and implement company policies and processes. Just like we train people around phishing, ransomware, and other security topics, we need to train employees, partners, and other stakeholders about how AI works, the risks within the enterprise, how to use it sensibly, and how it may benefit (or potentially harm) the enterprise.
