By now, you should be familiar with ChatGPT. Just two months after its release, it has become one of his fastest growing consumer applications worldwide.
Due to the increased attention, organizations are drawing different conclusions regarding the use of large language models in advanced chatbots. This is both about the everyday use of technology at work and the larger societal problems it causes.
These tools are of great interest as many organizations are looking to leverage them to improve their productivity. But it has also attracted the attention of authorities, given how the data is collected and produced. Aside from the hotly debated issue of data compliance, another consideration is protecting company intellectual property and sensitive customer data from being used in ChatGPT and other AI projects.
Zscaler identified hundreds of AI tools and sites, including OpenAI ChatGPT, and created a URL category called “AI and ML Applications.” Organizations can use this URL category to perform several different actions. Block access to these sites entirely, extend caution-based access to instruct users on how to use these tools, or isolate browsers to protect data (but with guardrails). ) to allow its use. .
Here, we’ll take a closer look at how isolation can improve productivity while maintaining data security.
First, it’s important to understand why data security is so important. The Economist Korea details its ChatGPT data security warning. Samsung said in April that he witnessed his three leaks of sensitive corporate data through ChatGPT in the semiconductor sector. In one example, the tool was used to check confidential source code, another employee requested a “code optimization”, and a third employee uploaded meeting recordings to create meeting minutes. Did. That information became part of his ChatGPT. Samsung, on the other hand, restricts the use of this tool and may ban it or create an internal version.
At Zscaler, we hear from organizations on both sides of ChatGPT coin, so we offer different actions to access these sites. Quarantine helps:
Balancing data security and innovation
Leveraging the Zscaler Zero Trust Exchange, large language model applications or AI internet destinations in the “AI and ML applications” URL category can be rendered with Zscaler browser isolation. profit? Gain powerful control over how sensitive data is handled, both files and certain sensitive information.
First, you can block all uploads and downloads (on AI sites that allow them) and restrict access to the clipboard entirely, but if you want to allow some use, allow text input To do. Users can continue to enter queries and experiment with generated insights.
What about the risks associated with users sharing sensitive data in chat queries? With Browser Isolation, sensitive data entered can be detected and protected from transmission by the Zscaler DLP engine. Plus, see the queries employees make to her ChatGPT and other places, even when DLP rules aren’t activated, for complete visibility into how your employees are using these sites. can be recorded.
ZeskellerFigure 1. DLP workflow for securing data sharing with browser isolation
For example, suppose a user is trying to upload a large amount of text with sensitive data in a prompt. Users can enter data within browser isolation that is launched as a temporary container. However, sensitive data cannot leave the company. Blocked in a browser isolated session.
What about preventing data from being downloaded to the user’s computer, thus avoiding intellectual property issues? You can get around this by using temporary “protected storage” without violating the upload/download policy of . Similarly, output productivity files such as .docx, .xlsx can be viewed as read-only PDFs within that protected storage without necessarily downloading to the endpoint itself.
In addition, DLP engines can also detect sensitive content within files and utilize optical character recognition to find sensitive data within image files, even if uploads to AI tools and other sites are allowed. increase.
Ultimately, organizations will also need to fully track how employees use these sites in quarantine environments. This is where he DLP Incident Receiver comes into play, capturing and recording requests to her AI application for review by security and audit teams.
But what about organizations that are not yet ready to allow the use of AI applications? Companies can block access to the “AI and ML applications” URL category.
Zscaler Zero Trust Exchange therefore provides complete protection while increasing user productivity and preventing the use of Shadow IT.
See protections in action in this short demo, or learn how to limit the use of AI tools and deploy them safely.
Copyright © 2023 IDG Communications Inc.
