Skip to Main Content

Data security is key with generative AI platforms

Security and AI.jpg

Generative AI for the enterprise has arrived.

With Goldman Sachs estimating that GenAI could raise the global GDP by 7% in the next 10 years, organizations are rushing to understand the potential and capabilities of foundation models. Early leading use cases for GenAI include customer care, digital labor, and IT operations.

You can build an AI platform on your own, piecing together various data, AI, and governance components, or you can leverage a ready-to-go platform that contains all of those, such as IBM’s Watsonx.

When discussing AI with our customers, some of the earliest questions we get are about how to deploy GenAI and the security included with such systems. In the case of IBM Watsonx, security is layered and configured on levels to ensure that your data, application endpoints, and identity are protected on any cloud. Those security levels are:

  • Network Security: Protects the network infrastructure and the points where your database or applications interact with the cloud.
  • Enterprise Security: Enterprises are multiple cloud accounts in a hierarchy. You can have separate accounts for your various environments or isolate workloads in separate accounts.
  • Account Security: This includes IAM and Access group roles, Service IDs, monitoring, and other security mechanisms that are configured on the Cloud for your cloud account.
  • Data Security: Data security protects the IBM Cloud Object Storage service instance, provides data encryption for at-rest and in-motion data, and other security mechanisms related to data.
  • Collaborator Security: Protect your workspaces by assigning role-based access controls to collaborators.

Since data fuels AI, and having governed, auditable, and secure data ensures one aspect of accuracy and explainability of your models, let’s dig a little deeper into all of the ways Watsonx protects your data:

  1. Configuring Cloud Object Storage: IBM Cloud Object Storage provides storage for projects, catalogs, and deployment spaces. The IBM Cloud Identity and Access Management (IAM) service securely authenticates users and controls access to IBM Cloud Object Storage.
  2. Controlling Access With Service Credentials: Cloud Object Storage credentials consist of a service credential and a Service ID. Policies are assigned to Service IDs to control access. The credentials are used to create a secure connection to the Cloud Object Storage instance, with access control as determined by the policy.
  3. Encrypting Data At Rest: By default, at rest data is encrypted with randomly generated keys that are managed by IBM. To provide extra protection for at rest data, you can create and manage your own keys with IBM Key Protect for IBM Cloud. Key Protect is a full-service encryption solution that allows data to be secured and stored in IBM Cloud Object Storage.
  4. Encrypting Data In Motion: Data is encrypted when transmitted by IBM on any public networks and within the Cloud Service's private data center network. Encryption methods such as HTTPS, SSL, and TLS are used to protect data in motion.
  5. Backups: To avoid loss of important data, create and properly store backups. You can use IBM Cloud Backup to securely back up your data between IBM Cloud servers in one or more IBM Cloud data centers.

Generative AI is redefining almost every job at every level of business. If you are interested in learning how LRS can help you amplify your business with AI while making secured data part of the AI lifecycle, please contact us to request a meeting.

About the author

Steve Cavolick is a Senior Solution Architect with LRS IT Solutions. With over 20 years of experience in enterprise business analytics and information management, Steve is 100% focused on helping customers find value in their data to drive better business outcomes. Using technologies from best-of-breed vendors, he has created solutions for the retail, telco, manufacturing, distribution, financial services, gaming, and insurance industries.