The AI era is complicating — and exponentiating — the challenges of safeguarding essential and sensitive data. Security leaders must revisit their data security approaches to keep up. Scott Kopcha witnessed what CISOs everywhere are seeing: employees eager to use artificial intelligence, whether through public models or custom AI tools, accessing company data at a breathtaking rate and volume. Kopcha already had a mature data protection strategy in place; as a law firm, his organization had a long history of safeguarding sensitive data. Still, Kopcha, CISO at Goodwin, knew his firm’s data protection strategy needed to evolve. “Whenever you start breaking down these different types of AI models, you see there are seven or eight different ways they can interact with your data, and our tools weren’t necessarily set up to provide the breadth of monitoring and protective capabilities required,” he says. He added another protection layer that classified and tagged data based on whether it could be used with AI and in what circumstances. He invested in new tools to support that layer, and he’s monitoring the vendor landscape for emerging capabilities that could further boost his data protection program. Kopcha’s data protection strategy also calls for an evaluation of new technologies being deployed by the firm to determine whether new controls are needed for them, a move he says ensures protection keeps pace with technological innovations. “The idea is to be able to show anyone who comes to ask that you’ve done your due diligence, and you’ve done your due care,” he says.
Read the CSO article for more.