Asia is among the leading wave of early AI adopters as research firm IDC predicts that by 2025, Asia’s top 1000 organisations by revenue will allocate over 50% of their core IT spending on AI initiatives. This has been suggested to lead to a double-digit increase in the rate of product and process innovations. IDC found the majority of businesses in Asia (70%) and EMEA (76%) are investing in or exploring Gen AI, while only 46% of U.S. businesses are doing the same.
At a market level, China leads the world in generative AI usage, according to a recent survey by software firm SAS and Coleman Parkes Research. The survey covering 1,600 decision-makers discovered 83% of Chinese respondents using generative AI, versus 65% for the US and 54% globally. China's rapid adoption of generative AI can be attributed to the rise of multiple Chinese companies launching their own versions of ChatGPT.
The AI hype gripping every market and industry right now is understandable. The potential is big, exciting, and revolutionary, but before we run off and start our engines, organisations need to put processes in place to power data resilience and ensure their data is available, accurate, protected, and intelligent so that their business continues to run no matter what happens. Look after your data, and it will look after you.
Take control before shadow sprawl does
Governance over AI and crucially control over the data is fundamental to successful AI adoption. The time to start is now. The latest McKinsey Global Survey on AI found that 65% of respondents reported that their organisation regularly uses Gen AI (double from just ten months before).
But the stat that should give IT and security leaders pause is that nearly half of the respondents said they are ‘heavily customising’ or developing their own models. This is a new wave of ‘shadow IT’ – unsanctioned or unknown use of software, or systems across an organisation.
For a large enterprise, keeping track of the tools teams across various business units might be using is already a challenge. Departments or even individuals building or adapting large language models (LLMs) will make it even harder to manage and track data movement and risk across the organisation.
The fact is, it’s almost impossible to have complete control over this, but putting processes and training in place around data stewardship, data privacy, and IP will help. If nothing else, having these measures in place makes the company’s position far more defendable if anything goes wrong.
Managing the risk
For most AI tools, it's about mitigating the operational risk of the data that flows through them. Broadly speaking, there are three main risk factors: security (what if an outside party accesses or steals the data?), availability (what if we lose access to the data, even temporarily?), and accuracy (what if what we’re working from is wrong?).
As AI tools become integral to your tech stack, you need to ensure visibility, governance, and protection across your entire ‘data landscape’.
This is where data resilience is crucial. As AI tools become integral to your tech stack, you need to ensure visibility, governance, and protection across your entire ‘data landscape’. It comes back to the relatively old-school CIA triad - maintaining confidentiality, integrity, and availability of your data. Rampant or uncontrolled use of AI models across a business could create gaps.
Data resilience is already a priority in most areas of an organisation, and LLMs and other AI tools need to be covered. Across the business, you need to understand your business-critical data and where it lives. Companies might have good data governance and resilience now, but if adequate training isn’t put in place, uncontrolled use of AI could cause issues. What’s worse, is you might not even know about them.
Building (and maintaining) data resilience
Ensuring data resilience is a big task - it covers the entire organisation, so the whole team needs to be responsible.
Ensuring data resilience is a big task - it covers the entire organisation, so the whole team needs to be responsible. It’s also not a ‘one-and-done’ task, things are constantly moving and changing. The growth of AI is just one example of things that need to be reacted to and adapted to.
Data resilience is an all-encompassing mission that covers identity management, device and network security, and data protection principles like backup and recovery. It’s a massive de-risking project, but for it to be effective it requires two things above all else: the already-mentioned visibility, and senior buy-in.
Data resilience starts in the boardroom. Without it, projects fall flat, funding limits how much can be done, and protection/availability gaps appear. The fatal ‘NMP’ (“not my problem”) can’t fly anymore. Don’t let the size of the task stop you from starting. You can’t do everything, but you can do something, and that is infinitely better than doing nothing.
Starting now will be much easier than starting in a year when LLMs have sprung up across the organisation. Many companies may fall into the same issues as they did with cloud migration all those years ago, you go all-in on the new tech and end up wishing you’d planned some things ahead, rather than having to work backwards.
Test your resilience by doing drills - the only way to learn how to swim is by swimming. When testing, make sure you have some realistic worst-case scenarios. Try doing it without your disaster lead (they’re allowed to go on vacation, after all). Have a plan B, C, and D. By doing these tests, it’s easy to see how prepped you are. The most important thing is to start.