Are You in Control of Your GenAI Usage?

Generative AI (GenAI) entered the public consciousness with OpenAI’s release of ChatGPT in November 2022, captivating the world with its potential to redefine the way we work.

GenAI is a type of artificial intelligence that can create a variety of outputs including text, images, audio, and videos. It’s capable of producing highly realistic and complex content that mimics human intelligence, making it a disruptive tool for business.

Since its launch, ChatGPT has garnered a staggering user base, with more than 100 million people across 185 countries and has been adopted in over 80% of Fortune 500 companies. OpenAI’s mission is to make tools like ChatGPT broadly available… without the need to even sign-up!

Do you know if public GenAI services are being used in your organisation?

The reality is that GenAI services, including ChatGPT, are accessible to you and your employees, presenting both opportunities and risks. How do you regulate its usage and safeguard your data, and your customers’ data, from being subjected to uncontrolled GenAI services?

Do you know what data is being exposed?

Do you know who now has access to that data?

Do you know how that data is now being used?

Do you know where that data is now being stored?

How can you gain some control over GenAI usage?

Many organisations have already published policies that outline how their data should be controlled which can be applied to GenAI usage. Many will already have updated their policies to address these recent developments. Many organisations will have explicitly stated that public GenAI services like ChatGPT should not be used by employees. Some organisations will even have taken steps to block these services from being accessed from corporate devices.

While these measures are valid, people have a way of ignoring policies and finding their way around restrictions!

Be in the driving seat with Microsoft Tools

Microsoft Purview and Defender for Cloud Apps can provide you with the tools to monitor and protect your data from non-approved GenAI services. By monitoring how GenAI services are being used, you can identify potential risks, and make informed decisions to best protect your business data. Microsoft Defender for Cloud Apps has extensive discovery capabilities that includes over 400 GenAI applications.

The Defender for Cloud Apps discovery capabilities enable you to gain comprehensive visibility into the usage of AI applications, assess their risks, and apply controls accordingly, such as approving or blocking an app, leveraging the Defender for Endpoint integration.

Next, we will look at two ways to achieve more flexibility over GenAI usage: creating your own GenAI solution and using Copilot for Microsoft 365.

Option 1 – Build you own private GenAI instance for your business

Instead of restricting the use of GenAI services, you could be giving your teams access to a controlled environment where they can experiment and find the real business value of GenAI. After all, if you’re not experimenting with GenAI, you can be sure your competitors are…

One option to provide a controlled GenAI environment for experimentation, is to build your own GenAI services using Microsoft Azure OpenAI cognitive services. Deploying Microsoft Azure OpenAI service provides access to a private instance of the same Large Language Model (LLMs) as OpenAI’s ChatGPT service. The difference being, you are in control of the service, and more importantly the data entered into it. You can determine to what level you see what data is being submitted via user prompts, you control who has access to that data, you know that the data can’t be used by anyone else, and you know where that data is being stored. YOU are in control!

The data you use or generate with Azure OpenAI Service is stored encrypted at rest in your Azure subscription. The data is always under your control. Any fine-tuning stays in that Azure subscription, and never moves into the foundation AI models used by the world at large. The fine-tuned model only lives in your subscription and only you get to use it. All ofAll your data and AI models are protected by the most comprehensive enterprise compliance and security controls in the industry.

Quorum can help you set up a private version of ChatGPT quickly and easily, and let your teams explore its possibilities with the assurance that your data is secure and private.

Option 2 – Deploy Copilot for Microsoft 365

If you’re not quite ready to build and host your own ChatGPT instance, another option to allow your teams to experiment with GenAI, would be to deploy Copilot for Microsoft 365. Microsoft have now removed the 300-user minimum purchase requirement making it more accessible for all. Copilot for Microsoft 365 is a productivity tool that works alongside popular Microsoft 365 Apps to enhance creativity and productivity.

Copilot for Microsoft 365 offers the same level of protection and control over your data as deploying your own private Azure OpenAI instance. As there is no user minimum, your organisation can purchase a small number of licenses and deploy them to a pilot set of users within your business to allow for experimentation to discover business value.

Before deploying Copilot for Microsoft 365, organisations should assess existing access controls for data within Microsoft 365, auditing and verifying access to, and membership of:

Microsoft Teams

Exchange Shared Mailboxes

Microsoft 365 Groups

SharePoint Sites

As well as any sharing links in use across those services, to ensure Microsoft 365 Copilot does not inadvertently surface data that employees should not have had access to in the first place.

If you’re not confident all your Teams and SharePoint data is permissioned appropriately, implementing Restricted SharePoint Search gives you time to review and audit site permissions. Restricted SharePoint Search is designed to help you begin your Copilot deployment while you implement more robust data security solutions.

Quorum Are Here To Help

GenAI represents an exciting new era in technology, Quorum can help you explore and navigate both the opportunities and the risks.

If you have questions, need guidance, or require help with implementing Microsoft’s Azure OpenAI or Copilot for Microsoft 365 while ensuring the utmost data security and privacy, get in touch and we’ll be more than happy to support your journey into this transformative technology!