A Guide to AI Security Posture Management (AISPM)
GenAI has gone from “interesting experiment” to “embedded in every ...
When Madhu and I started Concentric AI, we took dead aim at what we saw as a foundational problem plaguing enterprises—operationalizing data security and protecting their most sensitive data at scale efficiently and easily.
Enterprise data volumes were growing, Data was also everywhere—on premises and in the cloud and across structured and unstructured data repositories and the nature of what is worth protecting is infinitely more complex—from PII/PCI/PHI data to intellectual property to financial data to business confidential data and yet most enterprises are simply unaware of where sensitive data is much less where there was risk to their information from inappropriate sharing, wrong entitlements, unauthorized access, wrong location, etc.
Rules, regex-based data discovery coupled with static policies to understand risk had deluged security teams with false positives galore, sapped their energy, and led to many enterprises having to deploy large teams often three to five dollars for people for every dollar in solution costs—as one CISO told me early on in a resigned manner—just to operationalize data security and yet be underwhelmed with their outcomes.
For something as foundational as protecting data, there had to be a better way, and we set out on a mission to change that. Thus was born Concentric AI. Our unique insight was to use language models to understand data with context and accuracy, autonomously identify sensitive data at risk and help remediate and protect data. Five years later, we have successfully deployed and protected data across 13 different verticals, from manufacturing to high tech to financial services to healthcare to high tech to energy, from TBs to PBs and without customers requiring large teams to effectively operationalize data security.
We also realized that our mission needed to expand over time to protect data across all vectors that the enterprises have to deal with. Generative AI is rapidly emerging as a critical threat vector for data leakage and exfiltration
- GenAI assistants: As enterprises are rolling out GenAI assistants like Copilot and Gemini, data security governance becomes a necessary first step to ensure necessary classification and permissions management. As enterprise customers leverage these assistants, this assures security teams that as these tools make your employees more productive, sensitive data doesn’t end up in the wrong hands and data security is not compromised
- Public GenAI usage: As public GenAI usage becomes a mainstay of every employee’s day to day functioning— from OpenAI to Anthropic to Perplexity, enterprises are increasingly concerned with sensitive data from source code to PII/PCI/PHI data getting exfiltrated across these channels
- AI workloads: As enterprises start to build and deploy AI workloads, ensuring that the models are trained on the appropriate data while keeping sensitive data outside the purview of the model and also ensuring the right data is being accessed by the right identity at the right time for the right reason.
In addition, enterprises continue to be concerned with data in motion—from employees sharing sensitive data with their personal email to file-sharing applications to social media channels.
Comprehensive data security involves being able to protect data— wherever it lives and however it is being used—from GenAI assistant deployments to public GenAI usage to deploying AI workloads to preventing data from exfiltrating across messaging, email, and file-sharing applications. This encompasses:
- Being able to ensure effective data security governance for GenAI assistant deployments
- Being able to effectively monitor public GenAI usage by employees and proactively prevent sensitive data from leaking out
- Ensuring effective security governance of AI workloads by ensuring that only the right data is accessed by the right sets of users, and for the right reasons
- Ensuring that sensitive data doesn’t get shared by employees with personal email or file-sharing applications
We are thrilled to be acquiring Swift Security and Acante that allows us to extend Concentric AI to provide comprehensive data security to deliver the industry’s first truly end-to-end data security governance platform. With these acquisitions, Concentric AI now unifies data security posture management (DSPM), data loss prevention (DLP) – not just any DLP but category and context-aware DLP—and generative AI (GenAI) governance—spanning structured, unstructured, and semi-structured data, and cloud and on-premises environments. The platform’s protections now extend across multiple GenAI use cases to secure enterprise data wherever it lives and however it’s used.
These acquisitions amplify the existing capabilities of the Concentric AI Semantic Intelligence™ platform and dramatically extend its protections for enterprise data across all three data states—at rest, in motion, and in use. The company now goes beyond securing sensitive data in GenAI assistant deployments such as Microsoft Copilot and Gemini to uniquely monitoring and preventing data exfiltration across public GenAI tools such as OpenAI, Perplexity and ensuring effective data security governance of proprietary Gen AI workloads. The expanded capabilities include discovering “shadow GenAI,” curating data for GenAI applications developed in-house, and ensuring effective access governance for these applications. What’s exciting about this is the newly acquired capabilities are strengthened by the proprietary AI within the Semantic Intelligence™ platform that facilitates the complete and accurate discovery, categorization, classification, risk monitoring, and protection of enterprise data, all through its unique ability to understand context.
This allows Concentric AI to be a one-stop data security governance platform—for at rest and in motion—to discover, monitor, and prevent data loss across the various potential channels of data leakage—from unstructured and structured data repositories to GenAI applications to email to cloud file sharing to social media channels.
Successful acquisitions are rarely about just the technology. They are also about the people and ensuring that there is alignment on core values and principles. When we met Ranga and Naveen and their teams, we were just as excited about the fact that they shared our core values – the principal ones being – an obsession to make our customers successful, a relentless work ethic, and a desire to build a great company built on transparency and trust.
We look forward to the next steps on this journey to help enterprises with their data security needs.