You cannot turn a corner without entering the world of AI. I was in a big box home improvement store the other day and there was a manufacturer touting the AI built into their refrigerator! Children’s toys, personal electronics, and even cat litter boxes are now selling AI-assisted products.
I am a technology early adopter, and where I’ve seen good uses of AI, we are in the phase of “throw AI into everything” mode, as we do not know what will stick. As someone who has worked on the governance side of the equation for over a decade, I see these products and immediately wonder, what data did this company use to train their models?
Data Security Posture Management, or ‘DSPM,’ has been a term that has been around since 2022. Its focus has been on a “data first” mindset: scanning, labeling, and categorizing your company data (files, databases) to apply controls around it so it is not misused.
Depending on your industry, you may already have a DSPM tool (like the archTIS tool, Spirion) deployed throughout your organization to help manage legal or regulatory requirements. The scope of a good DSPM product has expanded as the core of any Large Language Model (LLM) is a vast amount of training data.
Expanding The Scope of DSPM – AI Guardrails
If you follow the articles posted by the majority of the large analyst firms, they have been stating that DSPM is at the core of any AI development effort. Why? You need to ensure you are training any product or tool with data you are allowed to train with.
Allowed is a word that means many different things to many different industries, but in general, you need to have permission or own the data you use to train your AI, so you will not violate anyone’s privacy, federal or state rules and/or regulations.
This is where a good DSPM tool can establish your AI guardrails program.
What is a Label?
You may have heard many different names for what I am calling a ‘label’ (e.g., tag, meta data, classification, etc.). Think of this as a name or phrase added as metadata to any content your company creates, to help identify what type of information is stored in that file or database.
Sometimes, the end-users support adding the label to the information they create, sometimes it is purely done in the background automatically via a scanning process. Either way, any file you may produce will contain one or multiple of these descriptive words or phrases that help categorize it.
AI Guardrail Labels – Adding Scope to Your DSPM
Initially the scope of creating labels was to help manage sharing and labels such as Personal, Confidential, Private, Sensitive, Public, were signals to a user or a downstream security tool to indicate how broadly can you share the file you are viewing.
Practical use of sharing labels could be a data loss prevention tool reading the label of a file you are sending at work via email, reading it is a confidential file being sent to a Gmail account, and have a rule in place to block it.
The scope of labels in use now needs to increase, as their scope now includes training data that will be used to train your company LLM’s.
New DSPM Goal “Can” I Use This Data For our AI Tool?
Take a look at the labeling schema you use today, or if you are new to it, think about how you want to identify:
- AI-friendly content, and,
- Content that should never be used to train company AI.
This new identifier should be in addition to the labeling you may already be doing, because the need to manage sharing has not gone away, but the scope of using labels has simply increased.
When creating a labeling schema, I always suggest starting simple as it is easier to grow classifications than to remove classifications. Plus, overly complex classification schemas are confusing to end users, and you do not want to create ambiguity in what they see and use.
“AI-Trainable” or “AI-Restricted” are two easily understood labels that can lay a good foundation. There is always nuance to address depending on the industry, so sometimes it is a combination of labels like a “Public” label + “AI-Trainable” identifies training data that can be used for consumer AI, where “Internal” + “AI-Trainable” can be used for internal workforce support tools.
How to Get Started
- First, you need to acquire a DSPM tool like the Spirion Sensitive Data Platform (SDP) by archTIS. It allows for multi-label applications regardless of where your unstructured/structured content may reside.
- Next, design a schema that works for you. Start simple and grow your labels as you start to unpack the challenges your company faces in first understanding the data you have and then using that data for your fast-moving AI projects.
- Finally, scan and label your environment, communicating how members of your AI development teams can identify what data is valid for the AI tools they may be working on.
The AI revolution is still in its early stages, so where it feels like you might be too late, understanding the risk associated with what has been deployed and any future training is incredibly important. Your Large Language Models are never going to stop trying to consume data.
With an AI Guardrails program with Spirion SDP leading the way, you are positioning your organization for today’s workloads and managing the workloads yet to be discovered.
Contact Us to get a conversation started.
