2024 Data Security Trendbook

Chapter 02: The Immediate & Lasting Impacts of Artificial Intelligence

It’s nearly impossible to talk about data in 2024 without bringing up artificial intelligence (AI). In less than one year, generative AI went from buzzword to business-driving technology, and it doesn’t appear to be slowing down anytime soon.

A whopping 88% of respondents to one survey shared that employees at their organizations are already using AI, whether or not it has been officially adopted by leadership. With the rapid development and adoption of AI continuing into 2024, where do experts see this technology going next – and what impacts will AI have on data security and use?

Matthew Carroll
Co-Founder & CEO, Immuta

2024 will be the year of the AI control system. Beneath the hype around generative AI lies a broader challenge: developing the control system for AI. Traditionally, control systems have been built with the idea that a control expert – a human – sits at the center. AI introduces an entirely new paradigm in which no human is at the center of control. AI initiatives won’t get into full-scale production without a new form of control system in place.

According to our research surveying 700 data platform and security practitioners, 80% said their top priority is implementing stronger data governance and security controls, while only 20% said integrating AI into business processes will be a top priority. The entire data ecosystem needs to band together and invest in this control system, but without associated monetary incentives, organizations will continue focusing on their own data security and governance. In 2024, we’ll see discretionary-level spending dedicated to building this control system in order to reach production-level AI.

Kaj Pedersen
CTO, AstrumU

History has demonstrated that the AI bubble will burst. This is not a bad thing; it is how the startup world works, with some companies succeeding and others failing. What will emerge are the AI companies with actual value in terms of technology, working products with revenue, and engaged customers. What we learn from the hype phase will also be of benefit, since it will drive our understanding of how to leverage AI with security and useful services.

We will see massive changes come to areas like education and learning, where LLMs can serve as educational tools – providing explanations, definitions, and answers to questions across a wide range of subjects. But the impact will reach far beyond that, as industries shape themselves around the opportunity.

At AstrumU, we see AI enabling a verified, skills-based economy in which individuals succeed in their education and careers. We break down people’s education, experiences, and activities into competency models that can create opportunity for underserved yet employable people and foster a new era of productivity in the US.

Sanjot Shah
Enterprise Data Governance Leader, Cummins

Investments in AI, data analysis, and governance are on the rise in North America, Europe, and China. And while Generative AI is currently on an upward trajectory and making progress, there is still room for improvement. 

In certain domains or applications, Generative AI models may play a leading role. Industries such as healthcare, academia, and manufacturing will benefit from more specific solutions that increase efficiency. Improved collaboration between humans and AI will be critical in decision-making processes to solve complex issues.

There will be a growing need for data governance, privacy, and transparency in Gen AI. It is only a matter of time before more laws and regulations are introduced to address privacy and data security concerns.

Sophie Stalla-Bourdillon
Principal Legal & Privacy Engineer, Immuta

The hype around generative AI and LLMs will continue to grow, as investors caught up in the race continue to pour money into the space. This will occur despite a series of high-profile lawsuits against generative AI providers, global lawmakers’ attempts to strengthen the regulatory burden on developers, users fighting against lobbies, and evidence that existing protocols are often not good enough to address high-risk issues.

Different approaches to LLM development are progressively emerging, with companies like OpenAI shifting toward a purely commercial strategy (as evidenced by recent developments), and initiatives like Kyutai trying to democratize AI through open science.

Mike Scott
CISO, Immuta

Gartner predicts that IT spending will increase more than 70% over the next year. In addition to expanding current solutions, this will likely mean new tools, software, and technology integrations, much of it powered by artificial intelligence. Organizations have to continue embracing new technology to remain competitive and relevant in today’s economic landscape. Still, the introduction and integration of AI-based solutions create complexities for security teams, who will have more to manage and oversee than ever before.

To support the inevitability of AI, organizations will need to do two things. First, they will need to implement policies and processes around AI in general, which will affect these integrations and the speed at which they can innovate. Second, there will be a need for significant top-down education on the differences between AI, machine learning (ML), and large language models (LLMs), so that teams know what risks exist and when company policies apply. The democratization of AI means the technology is being used by employees who are less technologically savvy, and given that broad user base, there will likely be confusion about how to write and apply new policies to these new tools.

Eric Barton
Director, Data Governance, Hakkoda

The trajectory of Generative AI and large language models (LLMs) is poised for an upward and outward expansion, with their potential only beginning to be tapped. The hype surrounding these technologies is not just hot air inflating a bubble; it’s the anticipatory buzz of industries on the cusp of a revolution.

The key to harnessing the power of LLMs while safeguarding against their risks lies in a robust data governance framework. Such a framework is essential not only for guiding the ethical and secure use of LLMs, but also for establishing standards for measuring their outputs and ensuring their integrity.

As we move forward, the evolution of LLMs will likely be characterized by increased sophistication, with advancements in understanding context, nuance, and the subtleties of human language. This will open new avenues for applications in data analysis, customer service, and decision-making processes, further embedding LLMs into the fabric of data-driven industries. Moreover, as the technology matures, we anticipate a surge in demand for governance models that are as dynamic and intelligent as the AI they seek to regulate. This will involve continuous learning and adaptation, much like the AI itself, to ensure that data security keeps pace with innovation.

Sam Hall
Solution Architect, phData

Security and data protection have always been contentious, which is why I think cloud vendors like Microsoft and Amazon will win out over AI companies like Anthropic and OpenAI. The data lives in their ecosystems, and people already trust those clouds with their data.

As far as the hype around generative AI and LLMs goes, it will probably continue to grow in the short term. The real winners, however, will be the corporations that create real value from better data engineering processes – applying AI models to their own data and business context. The key impact for these companies will be in knowledge management: processing private data with AI, not building AI products themselves. Vector databases and data engineering are critical here.
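To make that concrete, here is a toy sketch of the retrieval pattern behind this kind of knowledge management: embed private documents as vectors, index them, and pull back the closest matches to a question before handing them to an LLM as context. A real deployment would use a purpose-built vector database and a real embedding model; here NumPy cosine similarity stands in for the database, and embed() is a hashing placeholder rather than an actual model.

```python
import zlib

import numpy as np

def embed(text: str) -> np.ndarray:
    # Placeholder: deterministic pseudo-embeddings seeded from a checksum.
    # A real pipeline would call an embedding model here instead.
    rng = np.random.default_rng(zlib.crc32(text.encode()))
    return rng.standard_normal(384)

documents = [
    "Q3 sales in the Pacific Northwest grew 12% year over year.",
    "Our data retention policy requires deleting PII after 90 days.",
    "The on-call rotation for the data platform team changes on Mondays.",
]

# The "index": a matrix of L2-normalized document embeddings. A real
# deployment would store these in a vector database rather than in memory.
index = np.stack([embed(d) for d in documents])
index /= np.linalg.norm(index, axis=1, keepdims=True)

def retrieve(question: str, k: int = 2) -> list[str]:
    # Embed the question and rank documents by cosine similarity.
    q = embed(question)
    q /= np.linalg.norm(q)
    scores = index @ q
    return [documents[i] for i in np.argsort(scores)[::-1][:k]]

# The retrieved passages would be injected into the LLM prompt as context,
# so the model answers from private data it was never trained on.
print(retrieve("How long do we keep personally identifiable information?"))
```

The design point is that the model never trains on the private data; the data engineering pipeline decides what the model sees at query time, which is exactly where the business context lives.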

Alla Valente
Senior Analyst, Forrester

This year, an app using ChatGPT will be fined for its handling of PII. Regulators spent much of 2023 busy with genAI, and OpenAI continues to receive considerable regulatory scrutiny in various global regions.

For example, in Europe, the European Data Protection Board has launched a task force to coordinate enforcement actions against OpenAI’s ChatGPT. And in the US, the FTC is also investigating OpenAI. While OpenAI has the technical and financial resources to defend itself against these regulators, other third-party apps running on ChatGPT likely do not. In fact, some apps introduce risks via their third-party tech provider but lack the resources and expertise to mitigate them appropriately. In 2024, companies must identify apps that could potentially increase their risk exposure and double down on third-party risk management.

Sanjeev Mohan
Principal & Founder, SanjMo

It is an understatement to say that generative AI has the potential to be truly transformational. However, these models are nondeterministic, while thus far we have been building deterministic, predictable data solutions. Best practices are still nascent, and as organizations start deriving decisions from unstructured data, new risks emerge.

These risks span ethics, adoption, employee training, use policies, IP, bias, accuracy, hallucinations, privacy and security, compliance and legal exposure, and model drift. Hence, AI governance rises to become the most important linchpin in the success of generative AI applications.

AI governance will have to coexist with existing data governance practices. A unified metadata plane will be required to avoid creating metadata silos and ending up with separate data stacks for structured and unstructured data.

Benjamin Rogojan
Owner and Data Consultant, Seattle Data Guy

I think everyone wants to be part of AI – it’s everyone’s initiative – whether or not people fully understand what that means. I’ve talked to people, both clients and friends, who shared that their CEO’s top company goals are all connected to AI.

Overall, however, people are still trying to figure out what AI means and what that looks like. This is especially true for analytics-based AI: can these tools do the work of a data analyst? Will people trust the results they generate? I’d like to see AI rid analysts of things like frequent ad hoc queries, automating that work and freeing them up for more productive operations.

This kind of automation can and will have applications across teams. Say I’d like to have the average sales of a region sent to me every day at 3pm. Imagine that was something you could simply request in Slack, or from a democratized AI tool at your organization. You could have this data at your fingertips rather than having to ping your analysts on a Friday night.
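As a rough illustration of the plumbing such a request might trigger, here is a minimal sketch: a scheduled job that computes a region’s average sales and posts it to Slack each day at 3pm. The sales.db database, its sales(region, amount) table, and the webhook URL are hypothetical placeholders, and the schedule and requests libraries are just one of several ways to wire this up.

```python
import sqlite3
import time

import requests  # pip install requests
import schedule  # pip install schedule

# Hypothetical Slack incoming webhook; a real one comes from your workspace.
SLACK_WEBHOOK_URL = "https://hooks.slack.com/services/T000/B000/XXXX"

def post_average_sales(region: str) -> None:
    # Compute the region's average sale amount from a (hypothetical)
    # local database with a sales(region, amount) table.
    conn = sqlite3.connect("sales.db")
    row = conn.execute(
        "SELECT AVG(amount) FROM sales WHERE region = ?", (region,)
    ).fetchone()
    conn.close()
    average = row[0] or 0.0
    # Deliver the number to Slack instead of pinging an analyst.
    requests.post(
        SLACK_WEBHOOK_URL,
        json={"text": f"Average sales for {region}: ${average:,.2f}"},
    )

# Run every day at 3pm local time.
schedule.every().day.at("15:00").do(post_average_sales, region="Pacific Northwest")

while True:
    schedule.run_pending()
    time.sleep(60)
```

A democratized AI layer on top would simply translate the natural-language Slack request into this query and schedule, which is why the reliability of the data underneath matters more than the model itself.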

Experience with AI will also be increasingly sought after in new hires, the same way the “data scientist” role boomed in the 2010s. Companies will want people familiar with technologies like GenAI, even as the world is still figuring out their place in our day-to-day operations. Ultimately, AI systems need to be reliable, solid, and compliant with regulations to make a lasting mark. And they need secure, high-quality data to do that.

Up Next: The Reprioritization and Reassignment of Resources

Read Chapter 03