With the rise of hybrid work, data leakage has become a significant issue. Employees are now working from a variety of locations, including their homes, coffee shops, and even public libraries. This makes it more difficult to keep track of data moving between managed endpoints and your organization's SaaS applications or private apps.
Shadow IT, the use of unauthorized or unapproved software and services by employees has always been a challenge for IT departments. If left alone, shadow IT can pose a significant security risk, as it can expose your organization's data to unauthorized access.
Generative AI platforms like ChatGPT have emerged as a new frontier of shadow IT. These platforms allow users to create text, images, and other content that is often indistinguishable from human-created content. This makes them a popular tool for employees who want to share sensitive information without fear of detection.
The problem is that many platforms use the data submitted by end users to train its model, meaning anything proprietary becomes publicly available once it has been ingested. Samsung, for example, had to ban ChatGPT after three separate instances of employees unintentionally sharing sensitive data to the generative AI platform, including confidential source code.
The good news is that generative AI platforms are not all that different from other internet destinations that you need to protect your data from. With the right tools, you can block access to these platforms and prevent data leakage.
To stop any form of shadow IT, you need a modern secure web gateway (SWG) solution with native data loss prevention (DLP) functionality. A SWG can monitor all internet traffic and block access to unauthorized websites and applications. DLP can also be used to scan files for sensitive data and prevent them from being uploaded or downloaded.
In a hybrid work environment, it’s critical that you take steps to protect your data while ensuring productivity continues. A SWG with DLP functionality can help you do both.
How data is leaked to ChatGPT and other generative AI
There are a number of ways that data can be leaked to ChatGPT and other generative AI platforms. Some of the most common scenarios include:
Pasting sensitive data on AI apps for formatting or grammar checks.
This is a common practice, but it can be risky if the data is not properly anonymized.
Developers pasting the source code in AI apps to improve performance and efficiency.
The source code may contain sensitive information about the company's products or services.
Including AI apps in sensitive company meetings to transcribe
This can be a convenient way to create a transcript of a meeting, but it can also be risky if the call contains sensitive information.
Accidental uploading of sensitive or compliant data
Individuals may unknowingly input confidential data into the chat interface under the false impression that it provides a secure means of communication. This information can include personal identifying information (PII), financial information, personal health information (PHI), or any other confidential or compliant data.
How Lookout prevents data leaks to ChatGPT and other generative AI
Lookout Secure Internet Access is a SWG solution with native DLP and content digital rights (CDR) capabilities that enables your organization to block restrict to generative AI platforms and other unauthorized websites and apps with granularity.
Different ways to protect your data
Lookout uses a variety of techniques to prevent data leaks, including:
- URL blocking: Lookout can block access to ChatGPT and other generative AI tools altogether. This can help to prevent employees from accidentally or intentionally uploading sensitive data to these tools.
- Content filtering: Lookout can scan the content of posts and file uploads for sensitive data. If sensitive data is detected, Lookout can take action to prevent the data from being uploaded, such as masking the data or requiring the user to provide additional authentication.
- Policy-based access control: Lookout allows you to create custom policies that define how users can interact with ChatGPT and other generative AI tools. For example, you can create a policy that allows users to interact with the platform, but prevents them from submitting sensitive data.
Customize policies that best suit your needs
We ensure that you can quickly write policies that protect data, while leaving room to customize and refine for more specific circumstances. Here are some of the ways you can write policies with Lookout Secure Internet Access whether the data is structured, as in posts, or unstructured in the form of file uploads:
- Use a predefined AI category covering a wide range of AI-driven websites, which can be used by enterprise admins to write quick access policies
- Define custom categories, which enables your organization to categorize websites of interest and write policies around them.
- Encryption or masking and redaction of data with DRM
- User communication before sensitive data is uploaded to communicate and prevent risky actions from being taken.
How Lookout applies data loss prevention (DLP) to all data
The Lookouts Cloud Security Platform offers centralized DLP policy management and enforcement across every platform and app. Using advanced DLP, Lookout can identify, classify, and protect sensitive data in every format and app using exact data matching and fingerprinting. Once sensitive data has been identified, Lookout can go beyond the basic allow-or-deny capabilities offered by other DLP solutions.
Lookout’s DLP extends data classification and governance to any document in the cloud, integrating with Microsoft Azure’s Information Protection (AIP), Titus classifications, and cloud-native labels. It can also apply standard compliance policies that cover regulations like GDPR, SOX, PCI, HIPAA, and many others.
With its comprehensive data protection features, you can trust Lookout to protect your sensitive corporate data, even in the face of new challenges like generative AI.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
Try Lookout Secure Internet Access
Lookout Secure Internet Access is a cloud delivered solution, built on the principles of zero trust, offering inline and API security controls to protect users, networks, and corporate data from Internet based threats.