AI policy is done, how to go about enforcing it?

When you ask a security team how far are they with the employee use of GenAI, most give answers to the tune of the following:

• You defined an AI policy and some governance body approved it? Yes, we did.
• You gave training to employees about what to do, what not to do? Sure, done.
• You are enforcing the policy, have evidence of the compliance level and can identify the end users with most risky behavior? No, because our existing security and governance tools don’t support this.

Now, a ‘no’ to the last question limits the outcomes from the first two actions. And it’s well established that many existing security tools lack the depth to deal with GenAI interactions, and the user experiences to guide users in real time.

The real issue with the 3rd Q&A is that it fails to note that before the HOW of the security & governance tooling there is a WHAT of the enforcement. Doing a tool evaluation with only the HOW draws internal debates between teams, because there is no common yardstick.

Create a policy enforcement plan or ‘standard’

Enforcing the policy for employee use of GenAI requires definition of the WHAT along the following 6 dimensions:

1. Categorization of GenAI apps for policy enforcement

One size of policy enforcement does not fit all GenAI apps used in the enterprise. Typically, at least two classes are required based on internal evaluations of their security posture, data handling practices, and compliance readiness. For example, enterprise-approved versions of tools like ChatGPT Team, Microsoft Copilot, or in-house AI models have a different standard for policy enforcement, than a random app from the Internet.

2. Data protection standards

The standard needs to go to the specifics on what kinds of data can and cannot be inputted into GenAI apps. Typically this includes restrictions on personal identifiable information (PII), customer data, confidential business data, or intellectual property. Apps in the ‘enterprise approved’ category have a more lenient policy enforcement standard vs. that for consumer apps.

3. Acceptable use boundaries

GenAI apps are very versatile and employees may invent new cases every day. You may restrict what kind of content is allowed to be created - quite often contractual language and software code are restricted at least for some employee groups or for some category of apps.

4. Monitoring and analytics setup

Depth of monitoring of employee GenAI activity is another set of policy enforcement choices. It starts from authentication requirements and logging of activity. The more potentially sensitive question is whether end user prompts and responses are logged, and how is able to see them

5. Awareness and training in context

Awareness and training baseline comms is usually taken care of. As part of policy enforcement, there are a few additional choices: how are the employees made aware of the monitoring and policy enforcement actions, and what real-time guidance and feedback are given?

6. Process for addressing non-conformities

When an individual behaves poorly, once or consistently, where is the bar and how is that addressed? Is there a department-level process where a holistic discussion about AI adoption would happen? That could involve insights into actual usage, recommendations for greater effectiveness and any department-level actions required to curb risky behaviors.

Conclusion: Policy as an Enabler

A GenAI policy is not a barrier, but an enabler. It gives employees the permission and confidence to use the transformative tech in a way that is secure, compliant, and aligned with the organization’s values. By defining a standard that specifies the WHAT of the policy enforcement, one can operationalize the policy and implement the technical controls to match.

NROC Security created an example of an “Employee GenAI policy enforcement standard”. Fill in the form to download.