Generative AI (GenAI) is enabling a new era of innovation, efficiency and productivity. GenAI is expected to transform roles and boost performance across functions like sales and marketing, customer operations and software development. In the process, GenAI will unlock trillions of dollars in value across sectors from banking to life sciences.

While companies like Nvidia and Google are developing large and small language models that are essential to GenAI, it is the data that will fuel large scale implementations of GenAI solutions. IDC Global DataSphere forecasts that global data volume is expected to more than double between 2022 and 2026. Given this volume growth, organizations need to efficiently secure the integrity of this data, which can be invaluable in helping innovate new products and services, evolve business models and enhance customer experience.

In HCLTech’s latest research, Cloud Evolution 2024: Mandate to Modernize, we hear from research participants about their evolving plans to implement GenAI projects. While 82% of company leaders agree that GenAI will have a positive impact on enterprise productivity, there are concerns related to providing the quantity and quality of data required for successful GenAI projects. The report found that 98% of companies participating in the research are primarily interested in GenAI solutions that are trained on or make inferences based on an enterprise’s proprietary data.

The outstanding question is how to protect and secure access to data required to fuel a successful GenAI project.

Both IT and business leaders report that GenAI could increase enterprise risk, with 38% reporting a concern related to security. Risk mitigation requires guardrails that will secure the data. The plan for leveraging proprietary data must include explainability and the ethical use of data to solve business problems.

HCLTech’s GenAI practice provides clients with plans, processes and best practices for initiating and completing GenAI projects. Let's look at three challenges that are directly related to the question of security.  

1. The need to move quickly

To accelerate time to market, organizations will need to develop and deploy LLM powered applications. This assumes their ability to attract skilled artificial intelligence (AI) professionals and most importantly, ensure that the IT infrastructure can support the computational demands of LLMs, which could represent investments in hardware and software. The infrastructure should include best practices for security and governance. 

2. The ability to adapt to changing business requirements

This implies model customization, bias mitigation and data security. Bias mitigation refers to ensuring that LLMs don’t generate harmful biases, and this requires careful data curation and the fine tuning of models. Data security is a consideration at the outset. 

3. Focus on data security

Data fuels the models but the sensitive data must be protected – preventing unauthorized access and misuse.

Addressing these challenges is viewed as a costly aspect of the GenAI solution stack.

IT leaders believe that business stakeholders are rushing into GenAI without an accurate assessment of risk. Business leaders are determined to move forward aggressively. To do this, they plan to work around IT and select third-party systems integrators and transformation partners.

In HCLTech’s research, of the companies reporting success, more than 60% say that they are working with integrators and service providers to close the skills gap and accelerate early-stage projects.

HCLTech provides this guidance to businesses choosing and developing GenAI projects:

• Choose a project that represents a business process that is well defined
• Ensure that the infrastructure, including your data platform is designed with security in mind
• Use available models from HCLTech that reflect industry experience and expertise and that can be adapted to your business priorities by using your proprietary data to train the model

The crucial role of data security in GenAI deployments

As more organizations begin to incorporate GenAI technologies into their operations, understanding the crucial role of data security becomes imperative. The success of GenAI depends on how effectively data is secured. Integrating data security into GenAI strategies is vital for responsible and effective AI use.

According to the HCLTech cloud research report, security concerns and regulatory compliance are top challenges for organizations moving sensitive data to the cloud for GenAI solutions. The data required for GenAI model training and inference predominantly resides in public cloud infrastructure, highlighting a reliance on cloud providers for advanced AI capabilities. Organizations actively monitor regulatory and compliance mandates, indicating an awareness of the evolving legal landscape.

HCLTech's AI Force, a dynamic suite of AI-powered solutions, prioritizes responsible AI adoption. It integrates robust security and governance measures to foster secure innovation and growth at scale.

LLMs and data security considerations

LLMs face serious data security challenges, such as ensuring data privacy, confidentiality and regulatory compliance. Risks include unauthorized access, data leaks and exposure of sensitive information. Addressing these issues requires a comprehensive understanding of LLM-specific security.

Key concerns include anonymizing and minimizing the sharing of sensitive information and using end-to-end encryption and secure channels like HTTPS for data transmission.

Furthermore, the data required for training and inference in the GenAI model predominantly resides in public cloud infrastructure, indicating a reliance on cloud providers for advanced AI capabilities. In HCLTech’s report, 37% of senior leaders expressed some security concerns regarding advancing their GenAI strategy in the public cloud due to the sensitive nature of the data being moved to the cloud.

Ensuring data security in GenAI strategies

Implementing GenAI in an organization necessitates addressing various data security concerns to protect sensitive information and maintain stakeholder trust.

Here are some practical solutions to mitigate these risks:

1. Data encryption

• Encryption at rest and in transit: Ensure that all data, both at rest and in transit, is encrypted using strong cryptographic standards. This protects the data from unauthorized access and potential breaches

• End-to-end encryption: Implement end-to-end encryption for data shared between users and GenAI systems to secure communications and prevent interception

2. Access controls

• Role-based access control (RBAC): Utilize RBAC to limit access to data based on the user's role within the organization. This minimizes the risk of unauthorized data access

• Multi-factor authentication (MFA): Deploy MFA to add an extra layer of security, ensuring that only authorized users can access sensitive information

3. Data anonymization and masking

• Data anonymization: Apply techniques such as k-anonymity, differential privacy and synthetic data generation to anonymize datasets, protecting individual privacy while preserving data utility

• Data masking: Mask sensitive data elements during the model training process to prevent exposure of personally identifiable information (PII)

4. Regular security audits and assessments

• Routine audits: Conduct regular security audits and vulnerability assessments to identify and address potential weaknesses in the system

• Penetration testing: Engage in penetration testing to simulate cyberattacks and evaluate the robustness of the GenAI system's security measures

5. Compliance with regulations and standards

• Regulatory adherence: Ensure compliance with relevant data protection and AI regulations such as GDPR, the European AI Act, the US AI Bill of Rights, CCPA and HIPAA. Maintain up-to-date knowledge of regulatory changes to adjust practices accordingly

• Industry standards: Implement industry best practices and standards, such as ISO/IEC 27001 for information security management and NIST guidelines for cybersecurity

6. Security awareness and training

• Employee training: Provide continuous training programs to educate employees about data security best practices and emerging threats

• Security culture: Foster a culture that prioritizes security, encouraging employees to adhere to security protocols and report potential vulnerabilities

HCLTech's GenAI offerings take a comprehensive approach across industries and business functions. These offerings prioritize innovation while adhering to a responsible and ethical AI framework, ensuring privacy, protecting intellectual property rights, promoting fairness and verifying factual accuracy.

Building trust with stakeholders

Demonstrating a clear and unwavering commitment to data protection mitigates risks and builds trust with stakeholders, paving the way for successful and sustainable AI integration. Here are some ways organizations can foster trust with their partners and stakeholders.

1. Transparent communication

• Communicate regularly with stakeholders about security policies, practices and any measures taken to protect data

• Be transparent about any data breaches or security incidents, including the actions taken to mitigate and resolve the issues, thereby demonstrating accountability and responsiveness

2. Third-party security certifications

• Secure certifications from recognized third-party security auditors exemplify the organization's commitment to data protection. Recently, HCLTech has been recognized with the Amazon Web Services (AWS) Generative AI Competency Partner status for its expertise in building GenAI applications on AWS and delivering transformative outcomes to enterprises while complying with safe, ethical and responsible AI practices

• Perform regular independent security audits to validate the effectiveness of security practices and share the findings with stakeholders

3. Robust data governance framework

• Establish a comprehensive data governance framework that outlines policies and procedures for managing data securely throughout its lifecycle

• Appoint data stewards or custodians responsible for overseeing data security and integrity, ensuring best practices are consistently followed

4. Customer and partner engagement

• Engage customers and partners in discussions about security measures and seek their input on potential improvements

• Develop initiatives that build trust, such as customer security advisories, security-focused webinars and transparent reporting mechanisms

Alleviate data security worries

By understanding and implementing secure GenAI practices, organizations can harness GenAI's full potential while safeguarding their critical data assets. Partnering with the right technology and service providers is important for organizations to effectively balance GenAI innovation with necessary data protection.

HCLTech is effectively navigating the complexities of GenAI innovation while maintaining rigorous data security measures. By leveraging HCLTech's expertise in secure GenAI practices, organizations can innovate while protecting data. HCLTech ensures operational efficiency, regulatory compliance and data integrity, enabling confident GenAI integration and maintaining trust in a data-driven world.