Leveraging AI for enhanced compliance and governance
In this Help Net Security interview, Dr. Joseph Sweeney, Advisor at IBRS, discusses the risks of integrating AI into information management systems.
He talks about emerging trends such as content cognition. He predicts advancements in AI-driven information management tools, as well as including the integration of knowledge graphs for more nuanced analysis.
What measures should organizations implement to ensure data privacy and security when integrating AI into their information management systems?
AI can be applied in information management in several ways, and each has risk implications.
The first – and this is where the biggest risk lies – is to use AI as a search and generation tool. This is where the AI is fed an organization’s information, and people can search and ask questions from it, in much the same way as ChatGPT.
This sounds wonderful until you realize that without very careful planning about who should have access to what information, such generative AI services WILL leak sensitive and private information, both internally and externally. In short, using generative AI over the top of your existing enterprise content demands strict attention to information sensitivity labelling, information classification and governance.
The second type of AI is used to understand where risks lie. With collaboration, many organizations have information scattered in many different locations. Having a ‘big bang’ project and bringing these disparate documents onto a centrally managed EDRMS (electronic documents and records management solution) is no longer possible.
An emerging better practice is to use AIs to scan multiple repositories to determine how much sensitive or private information is stored in each and map out where the most pressing risks are located. Armed with this information, information management teams can prioritize their efforts, focusing on addressing the biggest information leakage risks to the business.
Finally, AI can be used to interrogate and auto classify information at scale. However, it is important to consider how such AIs services are accomplishing this task: is the information going to a third-party AI service for analysis, is information being stored or cached and if so, how and where, what is the quality of the analysis?
In summary, it is vital to tightly control information governance before letting AI search and generative services loose on your information. To prepare vast amounts of information for such AI, you will need the help of AI services!
What are enterprises’ biggest challenges in managing information hyperinflation, and how can AI mitigate these challenges?
Organizations can no longer manage information manually. Even if they have a sizable information management team, there is just too much information from too many sources and too many formats.
From the recent IBRS/EncompaaS study, it is clear that the only way to deal with the volume is to enlist AI to read information, address any sensitive content, classify it and apply governance and access rules over it. AI can take this most basic and essential task from information management teams.
In addition, AI can also detect when information governance needs refinement: recommending new classifications and raising questions of information management professionals.
How does AI contribute to compliance and governance, especially given increasing regulatory pressures?
AI services provide scalability in detection, classification, and (in some specialized situations) redacting sensitive information. These services have long since reached a point where they are superior to having staff attempt to classify documents manually. It is a classification that triggers automated processes that ensure compliance.
When AI is used to evaluate and apply classifications on a document as soon as it is created and throughout its life, the biggest cause of information non-compliance is removed. This is a case of automation resulting in far higher compliance and thus far lower risk.
Can you explain the concept of content cognition and discuss its potential impact on future information management strategies?
Autoclassification has been around for nearly a decade now. Content cognition builds upon the early attempts at autoclassification by leveraging more powerful AI algorithms. So content cognition provides for better, more accurate and nuances document autoclassification. But content cognition goes further. Using the same foundations for classification, structured data can be extracted from unstructured documents.
The potential uses for this are phenomenal. For example, a service company could run a report to find all contracts above certain value for clients located in a specific geography, and then perform a what-if analysis should a specific contract term be changed. Treating unstructured data as structured data will open up new business opportunities.
Content cognition is also key to being able to map risk in an organization’s data estate, allowing information managers to prioritize their attention. Likewise, it can determine which documents simply don’t matter from a governance perspective. Knowing what you don’t need to manage is a big saving in cost and time.
Finally, content cognition can determine when a classification scheme is not quite hitting the mark, and provide recommendations to information management.
With the development of AI-driven information management tools, what criteria should companies consider when selecting the right tools for their needs?
Some organizations just want an AI tool to help them move from a legacy EDRMS and the chaos of traditional share drives to a new collaborative platform. In most cases, the impetus for this is the expanded use of Microsoft’s 365 platforms.
In these cases, a content cognition tool can assist by first mapping where the risks lie (where the most non-compliant documents reside). The tool can then be aimed at selective information sources for classification and (based on policy) to move the files into the correct location in the new platform, archive, or dispose of them. The AI can be used for information cleanup and compliance as part of the migration to the new platform.
Other organizations take a longer-term view, using a content cognition tool to deliver a ‘manage in place’ experience across multiple platforms. This is particularly important for organizations that have high compliance needs.
What key trends do you foresee in intelligent information management in the coming years, particularly with the ongoing advancement of AI technologies?
While machine learning and generative AI have provided significant leaps in performance and quality of AI-based information management and given rise to content cognition, there is another AI technology that will further improve performance and quality: knowledge graphs.
When combined with the other two broad categories of AI, graphs have the potential to deliver far more nuanced analysis that goes beyond just the document itself. For example, it could consider the roles of the people involved in the document, the people mentioned in the document, projects or activities the document is related to and more.
This is still science fiction, but given the state of graph research, I expect to see leaps in highly automated AI-based information management in the next three to five years. Vendors who are currently pushing the limits with content cognition are likely to be the fastest adopters of the next wave of AI.