Growing GenAI in a compliant and resilient way.
An expert panel at the Cloud Revolution Summit discussed how to stay current with fast-changing tech while keeping deployments secure and controlled.
Here are the key insights from Sasha Rubel, Head of GenAI Policy EMEA at AWS, and Fernando Herrera, the brain behind GenAI startup Dynamico AI.
GenAI isn’t a completely new challenge.
We had similar security, compliance and resilience questions in the early stages of cloud adoption. But this time, there are 2 major differences:
You need a common understanding and shared vocabulary.
Organisations have been going through cloud, digital and data transformations. This is another transformation. Giving employees access to GenAI requires so many stakeholders – and usually they have no shared vocabulary or understanding of risks (real and perceived).
‘Get lots of people in the tent’
Engage stakeholders from different departments from the beginning of the GenAI journey, including:
- Security
- Legal and compliance
- IT ops
- Data
- Departmental AI champion(s)
- Vendors – big ones that can bring the state of the art, smaller vendors that can be flexible and innovate with you
- Potential blockers – ‘The VP of No’
Have the strategy and prioritisation conversations and build the learning together. Yes, it may take longer in the beginning, but it will make the overall journey faster because you can align on a way forward with lower risk that builds momentum. Then, the tent can expand as GenAI expands within the organisation.
Core dimensions of responsible AI (according to AWS)
You don’t have to wait for an international standard to get started, but you do need a common understanding within the organisation to grow in a secure, compliant and resilient way.
AWS is working to promote this shared vocabulary through work with industry, government and academia. Learn more here. Can its core dimensions of responsible AI provide a starting point for your organisation?
Getting started: Balance ambition with security.
How can you balance the desire to do everything with GenAI with the need for controlled and secure deployment? Follow the crawl-walk-run approach – because you can’t jump straight to being AI native. Cloud was a journey, and AI will be a journey, too.
- Keeping doing SOMETHING – Often, when organisations go from the aspirational phase to the adoption phase, they hit a wall and – due to company policy – do nothing. Don’t fall into that trap. Not only will you be left behind, but GenAI will creep in through shadow IT and licences. You can’t hide the sun with your thumb!
- Progressively whitelist – Get good building blocks from a tech partner and whitelist them. Then keep whitelisting as you progress through use cases.
- Move to a blacklist approach – You reach a tipping point where you shift away from approving each use case.
When you set a foundation and progress systematically, you avoid getting stuck in POC Purgatory.
Keeping up: Ensuring compliance and resilience amid rapid AI tech development.
#1 recommendation: Be clear on the business challenge you’re looking to solve, so you stay focused on what will deliver value. Then, AWS recommends taking a 3C approach to growing GenAI in a responsible way:
Don’t let security and compliance concerns hold you back.
Waiting won’t help. Other organisations are already moving, and people will experiment ad-hoc anyway. So start getting people in the tent, laying the foundation and exploring outcome-driven use cases.
And if you want expert advice, we’re one click away 👇
