- Protecting sensitive data, intellectual property, legal documentation, personally identifiable information, and other confidential content becomes easier when access to such information is granted only to employees or others with established authorization. The risks of data theft decrease as the layers of security increase.
- Achieving, tracking, and maintaining compliance with data privacy and security regulations, industry standards, such as for automated decision-making, company acceptable use policies , and other guidelines becomes manageable when working with smaller groups and targeted or diverse requirements.
- As cost structures for model use will continue to fluctuate before they settle down, resource allocation ranks high on the list of benefits afforded by model permissioning. Limiting the number of teams or employees who have access to a model enables efficient usage controls for computational resources and allows organizations to right-size licenses, subscriptions, or seats for models, which gains importance when multiple models are in use.
- The ability to customize model actions or activities based on specific use cases and/or user groups streamlines functionality, and the ability to customize filters and scanner sensitivity enables responses tailored to meet organizational needs.
Blog
16 Nov 2023
The Importance of Permissioning Large Language Models in Enterprise Deployment
The Importance of Permissioning Large Language Models in Enterprise Deployment
The Importance of Permissioning Large Language Models in Enterprise Deployment
Large language models (LLMs) like ChatGPT appeared in late 2022 and caused a tidal wave of awareness about the power of AI. Many businesses immediately recognized this technology’s potential as transformative, on par with the advent of the World Wide Web or the cloud, and sought to harness its power while giving little thought to safety or security. Many business enterprises slipped into frustrated hesitancy, unsure of how to adapt, and some simply froze.
Since their arrival, LLMs have completely changed the ecosystem, from the way organizations plan investment strategies and market tactics, to revamping corporate operations, to crafting legal documentation. And the models themselves have continued to change, iterating from large public foundation models, such as ChatGPT and Bard, to fine tuned, industry-targeted models, such as Harvey and BloombergGPT, to organizations increasingly fine-tuning or building retrieval-augmented generation (RAG) models, and, lately, to internal models.
This most recent development is a phenomenon in its own right: These internal models are trained on proprietary data for the purpose of accomplishing targeted tasks within an organization, department, or team. The RAG process involves entering specific company data—for instance, legal documentation, customer service records, or marketing campaigns—into the model, training the model to identify and analyze patterns and other content, iterating to attain performance thresholds, and then using that model for its intended purpose.
The use of internal RAG and fine-tuned models enables the use of policy-based access controls (PBAC) that allow only identified personnel the opportunity to engage with the model and its data. Much like organizations use Active Directory and other permissioning systems to segment and control access to data, access to information and models can be segmented according to teams or individuals, based on company policy, business need, or other enterprise-specific determinants. As the use of models across the enterprise continues to expand, the use of permissioning will continue to be an important element of business operations, as well as a critical factor in LLM security.
