Protecting IP and secret data in the age of AI

April 2024 Editor's Choice

The promise of artificial intelligence (AI) in their everyday lives is a source of near-continuous hype for South Africans. However, for enterprises implementing AI solutions, there are some important considerations regarding their intellectual property (IP) and secret data.

The promise of artificial intelligence (AI) in their everyday lives is a source of near-continuous hype for South Africans. However, for enterprises implementing AI solutions, there are some important considerations regarding their intellectual property (IP) and secret data.

With more than 70% of southern Africa’s CEOs making generative AI a top investment priority, most companies are asking many of the right questions, such as “How do we not miss taking advantage of this emerging technology?”, “How does AI fit into our digital transformation strategy?”, “How can we operationalise and securely put all our data to work?”, and “How do we execute a successful AI strategy with limited resources?”. However, not enough is asked about the corporate secrets used to train AI models to achieve the activities mentioned above.

Michael Langeveld.

Risky business?

Corporate secrets and IP are critical issues. The majority of public AI services – like ChatGPT – reply on inputs from a variety of sources, and their knowledge grows through input from users. That means every piece of data passed into that system helps evolve, mature, and train those models and inferences and other generative elements.

But what happens when those pieces of data are your corporate secrets?

When protected or secret data is fed into and informing models, it is no longer secret – it is now part of that platform. For most enterprises, that is a daunting thought. Without careful planning and policies, losing control over corporate secrets could be the new reality.

Healthcare as an example

Healthcare provides a good reference point because healthcare companies in South Africa handle very private and sensitive data. These companies often cannot outsource or move data outside of very specific regions based on compliance requirements, security, privacy needs, and more.

However, there are a number of tasks within healthcare where AI could help. These are automatable, mundane, and non-value-added tasks. Building AI solutions for some of these areas would free up teams to focus on better, more timely, and more accurate patient care. Some examples might include speech-to-text transcription for doctor’s notes or pre-screening patients through a portal that lets them self-present their symptoms.

In fact, the widespread adoption of AI-powered tools designed to drive efficiencies in healthcare could unlock billions in potential savings across countries in Africa. But protecting that data is vital.

Minimising risk

The question then is how to leverage AI’s capabilities and promise without risking exposing sensitive data, corporate secrets, and precious internal resources.

A recent survey by IDC discusses how many companies are considering moving their priority AI-related workloads from a private cloud or clouds to the public infrastructure (Workload Repatriation Trends Update” by Natalya Yezhkova, June 2023). While that can work for some companies, there are some important considerations, such as the locality of data, security, privacy, and risk.

For AI placement, the reality is not all workloads should be treated equally. A good way to minimise risk for sensitive workloads and data is by utilising a hybrid approach. According to the IDC, around 60% of South African organisations say they are using a combination of public and private clouds.

Hybrid by design

Many enterprises today already employ a hybrid approach because they are running a collection of private and public infrastructure. This is a ‘hybrid by accident’ approach for all intents and purposes.

Hybrid by design, however, is more purposeful and structured, enabling experiences for intentional workload placement, and allowing the enterprise to make workload placement decisions based on the performance, security, compliance, cost, and other considerations on where best to deploy their workloads optimally.

AI in IT

Beyond its mystique, AI is simply another workload. As with any workload, IT must decide whether it should reside on public, private, or hybrid clouds. Making the best decision at the outset means determining first how they will provide the core tenets/core primitives they need to deliver AI. Considerations should include inferencing, PFT, fine-tuning, and other components along the AI spectrum. Not surprisingly, many will find a private cloud is a great landing spot, especially when security and privacy are primary considerations.

With some private cloud solutions, vendors might provide out-of-the-box, GPU-enabled AI-optimised instance types based on the workloads the customer plans to run in their environment. These are not one-size-fits-all solutions, typically, but rather are optimised and designed to run AI workloads. It is also possible to deliver cloud primitives in a self-service experience, including common tooling, APIs, CLI, Terraform workloads, and the like.

This approach allows the company deploying the private cloud to focus on the automation and orchestration of deploying the workloads across various modes – from containers to virtual machines to bare metal. It also makes the cloud experience feel as flexible as public clouds, but with the optimal security and design of a private cloud.

Benefits of private clouds

In a private cloud, the user company controls the geographic locality of its data. By running their clouds privately, they also have the inherent low-latency, direct connectivity to their core data. With the majority of corporate AI workloads being run against precious corporate assets and corporate data, users can do their work without leaving the security of the virtual or physical boundary of their own data centres, co-location environments, or other dedicated environments.

Workload-enabled solutions or those built for purpose as part of a private cloud experience are the ones that will truly make a difference in protecting their assets and optimising the value of AI.

Open standards

How do companies get there? The focus should be, “How do I bring the power of these computing resources to enable and deliver these AI workloads where I need them to be?” That might include running them in a core data centre against the company’s data or running in edge locations providing real-time inferencing results at the edge.

They can often speed this process by embracing open standards and allowing cloud users to essentially self-service with common or well-known tooling (think Terraform or other de facto standards) to determine how they would handle templating, orchestrating, deploying, and managing these types of workloads and solutions. Conducting activities like this in a private cloud can help ensure full agility and speed.

Another important consideration is how they will consume their AI services, with options ranging from a fully managed ‘deliver this as a cloud’ or as-a-service in the data centre to employing self-service tooling so that companies can manage and operate the cloud themselves.

For many South African companies, a hybrid cloud experience with AI will work best for visibility, deploying and managing their workloads across not just private cloud or clouds, but also then extending into the hyperscale public cloud environments.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

AI enables security solutions to define business strategies
Regal Distributors SA Editor's Choice
While allowing technologies to do exactly what they should do with even more efficiency and precision, AI is also empowering these same technologies to break through their traditional boundaries and create an ecosystem where one interface delivers outcomes across highly segmented verticals.

Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

2024 State of Security Report
Editor's Choice
Mobile IDs, MFA and sustainability emerge as top trends in HID Global’s 2024 State of Security Report, with artificial intelligence appearing in the conversation for the first time.

Cyberthreats facing SMBs
Editor's Choice
Data and credential theft malware were the top two threats against SMBs in 2023, accounting for nearly 50% of all malware targeting this market segment. Ransomware is still the biggest threat.