When it comes to pros/cons of shadow IT, does your POV on this change for GenAI apps? Are there more pros outweighing the cons in those cases, or is it just too risky to be beneficial?

Security & GRCGenerative AIRisk Management+1 more
850 views1 Upvote5 Comments
Sort By:
Oldest
CSO in Software6 months ago
In my opinion, GenAI is a stronger contributor to the risks of shadow IT. If you consider all of the modules available in ChatGPT, even for a personal license, an end user can perform everything from deepfake videos to creative easy writing based on a URL. The amount of plugins is quite astonishing based on the maturity of the technology and if any proprietary information or PII is uploaded, then the risks are amplified. I would encourage every organization to establish a GenAI acceptable usage policy and consider monitoring or blocking access to popular sites if your organization deems it a risk.
1
Director of Legal6 months ago
When it comes to Generative AI (GenAI) applications, my perspective on the pros and cons of shadow IT indeed changes. GenAI apps are designed to understand, learn, predict, and potentially function autonomously. They are not confined to a single narrow task and can potentially outperform humans in most economically valuable work. While shadow IT of GenAI Apps can offer innovation, agility, improved productivity, and an enhanced user experience, leading to better adoption rates of GenAI apps in business, it also has its drawbacks. These include security risks, a lack of control, and integration issues, which can lead to the risk of data silos and inefficiencies.

In conclusion, while there are potential benefits to using shadow IT for GenAI apps, the risks are significant. It's crucial for organizations to have robust IT governance frameworks in place to manage these risks. Rather than attempting to eliminate shadow IT of GenAI, organizations should aim to manage it effectively, ensuring that all IT systems, including GenAI applications, are secure, controlled, and integrated.
Director of Information Security in Software6 months ago
It's all in the guidelines and education you provide. Assuming that it's NOT going to be used will only get you into trouble as people find shortcuts. (Aka just like the rest of Shadow IT.) Start with a policy on Gen AI. Things like:
- Do not include any customer or employee name or PII in any prompts
- Do not share any corporate information that would make a material impact (i.e., profits, numbers reserved by your finance or sales departments)
- Decide where you want to experiment with it. Marketing can be a good guinea pig, and they often have many short pieces of writing needed.
- VERIFY anything that AI produces against regular internet searches and basic "sniff test" logic.

My two cents.
1
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Director, Strategic Security Initiatives in Software6 months ago
I guess it's too risky to be beneficial, but depends on each use case.
1
CISO in Hardware2 months ago
You never take Grammarly or other writing apps away from the user; it is just a battle with no winner. :)

Content you might like

When staffing cybersecurity roles, have you had success with hiring candidates who lack technical experience? If so, what made that strategy effective?

Talent Sourcing & HiringSecurity & GRCSecurity Strategy & Roadmap
CISO in Energy and Utilities9 days ago
Mentorship is crucial, especially when leading a relatively new team. I've intentionally built a team where nearly 80% are under 35. I sought out young, hungry, and energetic individuals who bring fresh perspectives and a ...read more
3
170 views1 Upvote1 Comment

What is your organization’s current status for implementing endpoint security to protect O365 on mobile devices?

End-User Services & CollaborationSecurity & GRCDevice Management+14 more

Implementation complete23%

Implementation in progress54%

Planned within the next 12 months12%

Not planned7%

Not enabling O365 on mobile2%

View Results
2.4k views2 Upvotes

How do you see the CISOs role in building trust across the business?

Security & GRCSecurity Strategy & RoadmapBusiness Relationships
CISO13 days ago
CISOs play a crucial role in organizations, as data and information protection falls under their responsibility. Building trust across the organization is essential for maintaining a strong cybersecurity posture.

Collaboration ...read more
1
Read More Comments
186 views1 Upvote2 Comments

What tips or advice can you offer for improving collaboration between historically siloed security operations and IT teams? How can you begin building bridges between them to have better teamwork on things like vulnerability remediation?

People & LeadershipIT Strategy & RoadmapSecurity & GRC
CIO in Educationa month ago
I'm going to highly recommend Keith Ferrazzi's new book - Never Lead Alone - the book will explain how to shift from leadership to teamship. People need to be candid and accountable to and with each other as a start, and ...read more
1
Read More Comments
1.6k views1 Upvote3 Comments

Are below the operating system vulnerabilities a top concern for your organization?

EngineeringGovernance, Risk & ComplianceSecurity & GRC+1 more

Yes79%

No20%

5k views3 Comments