Securing Your Internal Knowledge Amidst Shadow AI

Access Control Policies and Enforcement

Once users have found their sensitive content and classified it as such via metadata, they can implement access control policies for it. These policies are based on a mixture of needs from the business, IT teams, security personnel, and data governance councils. Top solutions allow organizations to devise policies as code that’s enforceable within respective sources. With this method, they author policies once (typically via visual means or language models) and enforce them in various sources sans rewriting the code for each repository, which might include a CRM or database.

The controls themselves typically include forms of masking, tokenization, and encryption. Controls are oftentimes centered on what Grout termed “rolebased access and metadata-based access.” With the former, controls are based on user roles. Alone, this methodology isn’t always easy to scale, because anytime anything about data access changes (like where a person is), a new role is required for it. Metadata-based access controls are more efficacious because they can be based on user attributes or those for the data itself.

Lifecycle Management

Lifecycle management is critical for securing internal knowledge. It not only pertains to facets of retention—for which there are frequently strict regulations— but also the different phases that pieces of content move through during their journey throughout the enterprise. The provenance graph or data lineage capabilities that Aasman described are pivotal for monitoring these different transitional developments. Synthesizing the role- and metadata-based access paradigms Grout referenced can produce remarkably dynamic means of enforcing access controls so that, as Grout gave as an example, “If it’s a contract in certain stages, you can have it so only certain people have access.”

With this method, specific users or roles can access contracts during the drafting stage, but not during the review process or once it’s signed by a particular party. Access is granted only when both access control methodologies are satisfied. “So, based on my role and the metadata, if you do a Venn diagram and put the two together, I’d have to have the right role and the document’s got to have the right metadata set, at a particular point in the workflow, for me to see the document,” Grout explained. This process works well with scripting capabilities that execute the underlying business logic pertaining to accessing content.

Additionally, the controls ascribed to the respective access paradigms are responsible for obfuscating content to restrict data access. However, one of the critical points about this approach is that the content remains securely internal to the enterprise. “So, in addition to not being able to access it based on where it is in a workflow, you won’t be able to push it through to third-party senders or send it out,” Grout added.

Leakage to Language Models

Users must still remain savvy about having their proprietary data utilized to train the language models they might access for deployments of RAG, vector databases, and question-answering. The first step in doing so is to actively discourage users from engaging in shadow AI practices that could compromise valuable internal knowledge. As Grout mentioned, organizations that furnish user-friendly, intuitive forms of language models or smart agent interactions can drastically decrease such an unwanted occurrence.