According to the analyst firm Forrester, this year is going to be a major one for generative AI (GenAI) data breaches and compliance fines.
It’s easy to see why. While the accidental insider threat has long been a leading cause of cybersecurity incidents in the enterprise, the rise of applications like ChatGPT and Bard mean triggering a data breach is as easy as copying and pasting sensitive data into a prompt.
Unsurprisingly, security teams are scrambling to find a way to prohibit sensitive data leakage in GenAI applications.
Could secure access service edge (SASE) be the answer?
What is SASE?
Remote work and cloud-based applications have led to prevalent issues such as latency and subpar connectivity for many workers. Enterprise organizations are increasingly concerned about data security and compliance. Gartner introduced SASE in 2019 as a solution to address these challenges.
SASE is not groundbreaking technology. It represents the convergence of several next-generation security solutions. These solutions combine to form a cohesive, cloud-delivered security service that safeguards data at the edge. Additionally, SASE enhances the end-user experience by providing high-speed functionality.
Here’s a closer look at the solutions that underpin SASE:
- SD-WAN integration: SASE relies on the integration of SD-WAN to extend network functionality to users and applications at the edge.
- Cloud-based firewall services (FWaaS): SASE employs FWaaS to relocate the traditional firewall to the cloud. FWaaS adapts flexibly to the enterprise’s requirements, enabling the enforcement of security policies across the entire network, regardless of employees’ locations.
- Zero-trust network access (ZTNA): SASE utilizes zero trust as a guiding principle for network access rather than a specific security technology. ZTNA is a “trust no one, verify everyone” approach.
- Secure web gateway (SWG): SASE incorporates SWG to counteract malicious internet traffic and enforce security usage policies for web access.
- Cloud data loss prevention (DLP): Through cloud-based DLP, SASE assists organizations in identifying and securing data within their cloud-based applications, mitigating the use of shadow IT.
How can SASE uphold generative AI security?
In theory, SASE has all the capabilities to secure generative AI applications. For one, the solution promises to bring the principles of zero trust to generative AI applications, ensuring that no malicious actors hijack employee GenAI accounts and steal sensitive data.
Beyond that, SASE’s use of cloud DLP is a powerful way to prevent data leakage and maintain compliance. By discovering and preventing the sharing of sensitive data in generative AI applications, SASE should bring full visibility and protection to all employees’ GenAI workflows.
But, that’s just in theory. In practice, SASE doesn’t deliver on its sparkling promises… yet.
The realities of SASE implementation
While SASE has a great amount of potential, the solution is still in its infancy. For organizations that adopt it, the resulting implementation is often underwhelming and error-prone.
Here’s why:
- Over-hyped: Presently, SASE solutions in the market are still in their early stages. Their deployment is intricate and lacks interoperability with most networking and security solutions, making them a challenging and costly endeavor that may not yield a significant return on investment.
- Complexity: Networking and security, originally distinct fields, merge into a new specialty with SASE. A successful deployment requires IT teams to possess a solid understanding of both disciplines and their interactions within the SASE framework.
- Points of Presence (PoPs): The effectiveness of SASE relies on a network of cloud gateways, known as PoPs. A successful solution must leverage PoPs at scale to ensure comprehensive coverage and high-speed performance. For smaller enterprises, establishing such a system is likely to be prohibitively expensive and challenging.
- Integration: A successful SASE deployment represents a departure from traditional network security. Organizations must delicately balance phasing out legacy systems while introducing SASE. Furthermore, seamless integration is crucial because SASE relies on various technologies—endpoint agents from different solutions must align to guarantee an effective deployment.
How Polymer DLP secures GenAI usage
While SASE may not be feasible solution at this time, two aspects that make it promising for GenAI security are readily available: a zero-trust framework cloud DLP and cloud DLP.
Polymer delivers both in one unified, plug-and-play platform. Our solution, Polymer DLP for AI, is designed to empower organizations to reap the rewards of generative AI while combating data loss and compliance risks.
Here’s how Polymer secures generative AI tools like ChatGPT and Bard:
- Granular visibility and monitoring: Polymer DLP harnesses the power of natural language processing (NLP) to automatically discover and classify data across cloud and GenAI apps. The dynamic policy engine enables you to completely customize security policies to your organization and reduce noise. This provides your security team with real-time insights on user behavior, data movements, and policy violations.
- Automatic and manual remediation: Polymer DLP prevents dat exposure in GenAI tools by redacting sensitive data bidirectionally.
- Real-time education: Polymer DLP educates users on inappropriate data sharing with point-of-violation training, , reducing repeat offenses by up to 40% in just two weeks.
Ready to use generative AI with confidence? Request a demo today.
