Thanks largely to offerings such as ChatGPT and Google Bard, generative AI is the latest high-profile low-code/no-code technology, garnering lots of attention in the media and among enterprise and commercial software developers. For example, ChatGPT gained over one million users within a week of its public release in November 2022. Now, both consumer- and enterprise-focused commercial applications and services are rapidly gaining generative AI features and integrations. And non-IT business people are building exciting new applications with generative AI and other low-code/no-code technologies. This creates both new opportunities and new avenues of risk for enterprises.
Low-code/no-code applications built by “citizen developers” business users can help make those users and their enterprises more nimble and quickly responsive to shifts in market dynamics. They can also help reduce the pressure on IT teams to produce, deploy, and modify business applications more quickly. Yet many, if not most, of those user-created business applications, are being created and deployed with no involvement by enterprise IT or cybersecurity teams. Moreover, to the extent those new applications connect with, consume, manipulate, or produce data critical to the business, they represent new vulnerabilities and potentially significant risks to that data’s accuracy, consistency, quality, and security.
How Best to Respond
Some enterprises are likely trying to respond to these new risks by banning generative AI and other low-code/no-code technologies. However, given that those technologies are rapidly finding their way into enterprises with no current oversight, getting rid of them will be difficult, if not impossible, for those firms. Also, many commercial enterprise software solutions are gaining features created with generative AI and other low-code/no-code technologies. Therefore, it is highly unlikely that any enterprise could justify getting rid of any critical applications because they gained such features.
The goal should not be to limit or forbid these new tools but to implement the guardrails and technologies necessary to strike the right balance between risk and agility. Otherwise, your business risks missing opportunities for greater agility and innovation. Success will require new, more collaborative, and streamlined approaches to risk management and modification to current processes and technologies used to manage enterprise IT environments. Here are some specific necessary areas of focus.
More automation. Manual processes and solutions will be inadequate for effectively identifying, managing, and monitoring generative AI and other low-code/no-code deployments. For example, building an inventory of the officially permitted resources on your network and attempting to keep that inventory current is insufficient, given the growth path taken by most low-code/no-code deployments. Your enterprise must automate as much as possible of its processes for identifying, isolating, and notifying the appropriate people when any new deployment takes place. Otherwise, those processes will never be scalable or flexible enough to effectively address the risks of low-code/no-code deployments without guardrails.
More collaboration. No one team or team leader can address the expanded risk profile presented by generative AI and other low-code/no-code technologies alone. Effective guardrails will require new and different questions and approaches about how critical enterprise data is accessed and protected. Those questions and their answers will span multiple departments and teams, including and beyond IT. At a minimum, others who should be involved include those responsible for the compliance, cybersecurity, data, and information security, data management, and risk management. Where making your enterprise and its data safe and ready to take full advantage of generative AI and other low-code/no-code technologies is concerned, “it takes a village.”
More communication. Those responsible for creating and implementing guardrails for low-code/no-code deployments at your enterprise must communicate clearly, proactively, and repeatedly with users of those deployments. Since many users are non-technical, they may be unaware of the increased risks to the enterprise’s data and business operations accompanying those new tools and features. Citizen developers may also lack the skills or knowledge to ensure robust data protections are “baked into” the applications they build. Your revamped and expanded risk management efforts must consider these factors as you craft a strategy and tactics for keeping users engaged and informed.
More information. Every unknown deployment of generative AI or other low-code/no-code technologies in your enterprise represents an unknown risk to the availability and trustworthiness of the data that drives your business. To get and keep as fully informed as possible about all such deployments, your risk assessments and audits of your environment will have to happen more frequently and ask more and different questions. Your ability to report accurately and clearly on the state of your environment and risk profile will also become more critical. Therefore, they will likely require more frequent and detailed review and updating to keep pace with the heightened rate of change affecting your enterprise.
How Incisive Can Help
Incisive Software is focused on helping organizations build a strong foundation for success based on accurate and trustworthy data. The explosive growth of generative AI, other low-code/no-code tools, and citizen-developed applications has greatly increased the risks of data errors and mismanagement. Incisive Analytics Essentials enables you to gain managerial control over generative AI and other low-code/no-code deployments while making them available to authorized users. The Incisive Concourse platform, the heart of the Incisive solution, provides consolidated, comprehensive abilities to know what you have, know what changes, and effectively manage, protect, and trust your business-critical data across your entire enterprise.
To learn more about the risks associated with generative AI and other low-code/no-code technologies and more suggestions for mitigating those risks, please read “Generative AI: A Growing Risk to Enterprise Data.” To learn more about Incisive Analytics Essentials or to arrange a demo or free trial, visit https://www.incisive.com, email [email protected], or call 408-660-3090.