Enterprise IT today has generative AI hitting it from every angle: from systems that it directly licenses for millions of dollars, from large language models and other genAI algorithms that are sneaking into every SaaS product globally, from employees and contractors using genAI even when they are told that it is prohibited. It permeates every cloud environment, it is creeping into IoT, and it is overwhelming every third-party app your company leverages.
With SaaS and its overwhelming embrace of all things genAI, IT decision-makers are not deciding AI strategy as much as reacting to it. “AI software has come into most offices and organizations without the CIOs and CTOs being aware,” said Atefeh “Atti” Riazi, CIO of the $12 billion media firm Hearst, which today has more than 350 brands and thousands of third-party vendors. Many of these executives “have at least 50 apps on their phone, and no one is aware” of precisely what they are capable of in terms of extracting and using sensitive data, she added.
On the other hand, she said, an enterprise can’t go to the other extreme and try to lock everything down. “You can’t be that strict, because then you would choke off the ability of organizations to innovate.”
Nevertheless, IT leaders want to wrestle back control of their systems, lest “Sneaky AI” — software vendors adding AI components to their products without explicitly telling customers — take over. Some advocate adding new legalese to contracts, regulating how and where genAI can be used and sometimes requiring permission to implement it. Others, including Riazi, are more pessimistic and argue that wholesale changes are needed for IT governance because of generative AI.
Riazi’s position is that current IT governance rules were created in a vastly different environment, time, and place, back when physical assets were the most important and when most if not all critical systems were housed on-premises. “Auditing and governance is very much structured for a physical world,” she said.
“Today it is almost impossible to know all of the AI code that has been put in [enterprise software] and its impact. This is not governable. Throw out the window” current IT governance procedures, Riazi said.
2024-05-25 00:00:02
Original from www.computerworld.com