4 Ways Generative AI Will Impact CISOs and Their Teams: Gartner® Report

Gartner on how can we control generative AI consumption

While user training and acceptable use policies are critical components of a robust security strategy for working with generative AI, relying on the diligence of individual employees is not a viable approach. It makes most sense to apply security solutions to prevent data exfiltration caused by careless employee use of generative AI applications. On this topic, Gartner lists “five tactics to gain better control of GenAI consumption,” which are: define a governance entity and workflow, monitor and block, quickly communicate a short acceptable use policy, investigate prompt engineering and API integrations, and favor private hosting.

Gartner on blocking known domains and applications to generative AI

Workers will always want to use productivity-enhancing tools and placing them off-limits may encourage employees to use shadow AI on unmanaged personal devices. Here is Gartner again on the topic:

“Security leaders must acknowledge that blocking known domains and applications is not a sustainable or comprehensive option. It will also ;trigger “user bypasses,” where employees would share corporate data with unmonitored personal devices in order to get access to the tools. Many organizations already shifted from blocking to an “approval” page with a link to the organization’s policy and a form to submit an access request.”

Instead of removing access to generative AI applications like ChatGPT for all employees, Forcepoint offers powerful Data Loss Prevention (DLP) capabilities delivered through the Forcepoint ONE platform allow organizations to reap the benefits of generative AI without losing control of sensitive data.

Forcepoint ONE handles the access piece of the equation, in addition to monitoring web traffic between users and those generative apps, including image tools like DALL-E as an example.  The hyperscaler-based Forcepoint ONE platform also provides centralized policy enforcement, enabling security teams to curate secure access to thousands of generative AI applications.

CISOs can use a single policy to manage Forcepoint Data Security Solutions across all channels, and Forcepoint ONE offers unified reporting with a single-pane-of-glass view of enterprise data security. This makes it simple to set and enforce policies for generative AI use that maximize the technology’s potential and keep employees happy without exposing organizations to risk of data leakage.

###

Source: Gartner, 4 Ways Generative AI Will Impact CISOs and Their Teams, By Jeremy D'Hoinne, Avivah Litan, Peter Firstbrook, 29 June 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.