February 18, 2026

Updated CISO guide for GenAI security

Our updated CISO guide explains how traditional security architectures are challenged by this new breed of business software and the best practices CISOs can implement. This guide enables CISOs to mitigate the risk of data leaks, prevent compliance violations, provide a great end user experience, and contribute to the overall business goal of driving personal productivity using GenAI.

Usage of GenAI apps at work has reached a point where security leaders are facing the need to assess their current security programs for efficacy and how they support the business. Four irreversible drivers are in play according to a recent study and NROC Security data:

  • Increased usage by end users: 58% of employees use GenAI apps regularly, 31% weekly
  • More frequent end user demands to use the latest GenAI apps: 70% of users use free and personal plans
  • Worsening threat picture due to usage and feature development: 34% upload company information to a public AI app at least sometimes. Every 1,000 end users, on average, include over 7,100 instances of PII in their prompts every month
  • Intensified calls from top management and Board to drive AI adoption for personal productivity gains

And this was true even before agentic AI entered the picture. Now, not only can the end user use the app in unexpected ways, but the feature set of the app is dynamic and can even augment itself on the fly.

The guide builds on three core GenAI security best practices:

  • Shift-right techniques: Enforcing the acceptable use policy can only happen at the time of prompting. Traditional shift-left techniques like document labeling at source and accurate user permissioning tend to fall short. Shift-right techniques consider whether the user is on an enterprise or consumer app, what the user prompts or uploads as attachments, and whether the response falls outside acceptable use cases for GenAI.
  • A safe enablement framework: This is about the end user experience with GenAI. Any ambiguity about what’s allowed slows adoption. Fear of making mistakes does the same. Safe enablement means providing a safety net, inspiring confidence and encouraging innovation, all while protecting data.
  • Productivity-first governance: The bigger goal for adopting GenAI is to drive productivity improvements in everyday tasks, which requires a rethink of how to govern the business initiative. The productivity impact comes down to two factors: frequency of usage and effectiveness of use. Productivity-first governance starts with policies and oversight, but also takes data-driven organizational change management actions.

When executed properly, GenAI security creates a safe environment for end users to innovate, builds trust in AI usage and provides strategy-defining insights into the best AI use cases in the organization. Best practice security for GenAI empowers employees to innovate with new tools and use cases, makes the journey measurable, and thus accelerates realization of the productivity benefits of this innovative new technology.

Download the updated CISO guide and learn how to protect sensitive data and maintain control, all without slowing down your teams.
