Even after its huge popularity and usage, ChatGPT didn’t cut much ice with the enterprise users beyond a handful of use cases. Most of those users were apprehensive of issues such as security and data privacy. In fact, there have been concerns around data confidentiality. Has it been taken care of in the Enterprise Version or is it merely an attempt to cash in on the hullabaloo around Gen-AI?
What does OpenAI claim?
OpenAI promises “enterprise-grade security” along with the commitment to not use client-specific prompts as well as the data during the training of the models. These cybersecurity-centric features of ChatGPT Enterprise look to address widespread concerns around the protection of intellectual property as well as the integrity of sensitive business data when utilizing large language model (LLM) algorithms.
“You own and control your business data in ChatGPT Enterprise,” says OpenAI. “We do not train on your business data or conversations, and our models don’t learn from your usage.”
OpenAI says customer prompts as well as company data will not be utilized for training models and all conversations are encrypted in transit and at rest. It also said that businesses would get a new console with the tools needed to handle sizable employee management. The company is positioning the new version as the most powerful, with no usage caps, better performance speed and access to data analytics.
Enterprises will need a smarter security program
“The enterprise grade looks very promising. But this also means that every enterprise using ChatGPT will need a smarter security program. ChatGPT must be part of an organisation’s critical computing Infrastructure that they must protect from theft, pilferage, alterations and misuse. I would highly recommend using zones and conduits to ensure that learned models are not accessed by unauthorized people while ensuring unbridled access to valid users. Hackers and malicious insiders will attempt to take away the learning and monetize it for other purposes,” says Agnidipta Sarkar, former group CISO of Biocon and Vice President CISO Advisory with ColorTokens Inc.
Has comprehensive penetration and testing been done?
Some other cybersecurity seem to weigh in on these observations.
“In my view, the security aspect is very important. Thorough penetration and testing are yet to be done,” says Gopi Thangavel, SVP, Reliance Industries Limited and an author on cybersecurity.
“Come to think of it, we have been forcing IT security designs on OT, but now it seems using OT security principles (read ISA 62443) in IT would be very necessary. We will need new Acceptable Use policies for using Artificial Intelligence in business. Like my MAZE concept (Mission- critical Assurance using Zero trust Enforcement) enforcing zero trust for defense-in-depth will be essential, especially for critical Infrastructure,” adds Sarkar.