As generative AI applications gain popularity across various industries, organizations are excited to leverage their capabilities for enhancing productivity, creativity, and efficiency. However, with the rapid adoption of these technologies, it becomes crucial to address the potential security risks and compliance challenges they may pose. How can businesses ensure they harness the benefits of generative AI while maintaining a secure environment?

Understanding Generative AI

Generative AI refers to algorithms that can create new content, from text to images, based on the input data they receive. These applications can dramatically improve workflows by automating tasks, generating creative solutions, and providing insights based on vast amounts of data. Yet, as with any powerful tool, there are risks involved.

Identify and assess risks of Generative AI applications

While generative AI can offer tremendous benefits, it also introduces potential vulnerabilities. Unregulated use of these applications can lead to data breaches, unauthorized access to sensitive information, and compliance issues. Adopting AI technologies without appropriate security measures can leave organizations exposed to threats that may undermine their operations and reputation.

It's crucial for security teams to effectively manage these tools. Defender for Cloud Apps simplifies this process. Microsoft has introduced a dedicated category for "Generative AI," helping you quickly identify and manage these applications. By incorporating this category into your policies and tags, you can automate controls to unsanction apps that have low-risk scores or don’t meet compliance standards like SOC 2.

For those using Defender for Endpoint, any apps tagged as “unsanctioned” will be automatically blocked on your devices, ensuring that unauthorized access to sensitive data is prevented.

Additionally, the cloud app catalog provides insights into various risk parameters, empowering you to make informed decisions about your applications. Please see example below.

Create a cloud app discovery policy to automatically block risky Generative AI apps

Organizations may choose to restrict the use of generative AI applications for several reasons. A primary concern is the risk of sensitive data being unintentionally shared, potentially exposing it to unauthorized individuals outside the organization. This concern often leads businesses to block all unmanaged generative AI applications. Moreover, many companies must ensure that the applications they use comply with various regulations, such as SOC 2 or HIPAA. To effectively manage this risk and prevent unauthorized apps from being used on protected devices, consider creating an app discovery policy:

Step 1: Integrate the Defender for Endpoint log to Defender for Cloud Apps by following the steps described here.

Step 2: Explore the usage of generative AI applications in your environment. Determine whether you want to mark any applications in this category as unsanctioned on the “Cloud App Catalog” page by utilizing the various filtering options available.

Step 3: Create a cloud discovery policy to detect and block risky generative AI apps.

1. In the Microsoft Defender Portal, under Cloud Apps, go to Policies -> Policy management -> select All policies tab -> Create policy and select App discovery policy.

2. Name your policy.

3. Under App matching all of the following: set the Risk Score slider, the Compliance risk factor to customize the level of risk you want to trigger an alert, the Category - Generative AI. You can also set the other policy filters to meet your organization's security requirements. Optional: To get more meaningful detections in terms of number of users or amount of traffic in your organization, check the Trigger a policy match if all the following occur on the same day checkbox. Select Daily traffic greater than 2000 GB or Number of users greater than 1.

4. Configure governance actions to be taken when an alert is triggered. Under Governance, select Tag app as unsanctioned.

   Access to the app will be automatically blocked when the policy is matched.

If a user attempts to access an unsanctioned app, they will see a block screen with the message: "This website is blocked by your organization."

As generative AI continues to transform the business landscape, it’s essential to harness its potential while safeguarding your organization from associated risks. By implementing effective security measures and fostering a culture of awareness, you can enjoy the advantages of generative AI without compromising your data integrity.

If you're looking to strengthen your Microsoft 365 security and compliance posture and ensure that your organization is well-prepared for the future, we invite you to connect with us. To schedule a call with our experts and learn how we can tailor solutions to protect your business from evolving threats while optimizing your technology strategy click the button below.