Safe AI for a Resilient Future: What You Need to Know
Is your Generative AI strategy overlooking a critical vulnerability? Discover why data protection needs to be a top priority in the age of AI in this episode of Six Five On the Road. Host Krista Case is joined by Dell Technologies' Kenneth Bachman, Director of the Global Technology Office, for a conversation on the critical aspects of data protection and compliance in the era of Generative AI (GenAI).
Their discussion covers:
- The necessity of considering data protection and cyber resiliency for GenAI early in the planning phase
- Understanding the evolving nature of AI and the implications for data protection amidst potential new regulations and compliance requirements
- Insights into Dell Technologies’ approach to data protection for AI, demonstrating how AI integration within data protection strategies enhances cyber resilience
- The role of Dell’s PowerProtect in safeguarding Scalable Architecture for Retrieval-Augmented Generation (RAG) workloads, highlighting a recently published technical white paper
Learn more at Dell Technologies.
Watch the video below at Six Five Media and be sure to subscribe to our YouTube channel so you never miss an episode.
Transcript
Krista Case: Hello and welcome to Six Five On the Road. I'm Krista Case, Research Director with The Futurum Group. I have the pleasure of being joined today by Kenny Bachman, Director within the Global Technology Office at Dell Technologies. Kenny, how are you doing today?
Kenneth Bachman: I’m fantastic. Thanks for giving me the opportunity to be here.
Krista Case: Thank you so much, Kenny, for being here today. I had the opportunity to collaborate with Dell earlier this year on a research brief covering data protection for AI applications, and I'm really looking forward to digging into this topic with you because I think it's a very important one. We're seeing that AI workloads are becoming much more widespread and mission critical, and as a result there is a need to start protecting these AI applications. But it's really not as simple as it might seem at the outset. I know backstage we've had a number of conversations about this, Kenny. The importance of data protection and cybersecurity for mission-critical workloads is not a new concept; it's quite well established and understood, and IT organizations are naturally very familiar with the approaches and best practices required here.
One of the good things is that many of these existing data protection applications and practices still apply to AI apps. But AI apps have a number of unique requirements when it comes to data protection and security that we need to factor in. One thing that's top of mind for me personally, based on the conversations I've had, Kenny, is that there are numerous moving parts that go into AI applications, and naturally there are a number of very diverse data streams that may be feeding them. But I'd love to hear your perspective, Kenny: what do you see as different and unique about these AI applications when it comes to protecting them and keeping them safe?
Kenneth Bachman: Yeah, that's a great question. So I'll reflect a little on what you said a moment ago, which is that in many ways this is no different from many of the other workloads that exist in a customer's data center today, right? These are moving beyond the point of just being experiments or projects that companies are working on. They're moving into production platforms that are driving key and critical portions of customers' businesses. With that obviously comes a need to protect them in a manner consistent with any other application critical to the business. Now, the challenge in many cases, from my observation, is that many of these companies are charging forward developing, and in fact operating, these platforms without really considering data protection early on.
This probably, in many ways, shouldn't be a surprise to us. We've seen it with other technology platforms over time. I'll pick on cloud as a great example, where many of the enterprise capabilities we all understood from the data center simply didn't exist in the ecosystem of cloud infrastructure. So I'm not surprised, but it is a bit alarming to me that so many companies are moving forward without that as a consideration along the way. As you say, one of the things that really makes this different is the constant evolution of these platforms: they're constantly being trained and evolving in ways that help them learn and do what the business needs them to do. That really makes them a moving target in a way that many traditional applications aren't. There are also many different parts of the architecture, such as vector databases, that are far more dynamic and dispersed in nature than traditional applications, which tend to have simply an application platform and a database behind it.
Krista Case: Absolutely, Kenny. I think you bring up a couple of really interesting points. First, I love the callback, if you will, to some of these earlier shifts, for example, the adoption of virtualization and the adoption of cloud. Unfortunately, data protection is oftentimes an afterthought, and I do agree that to a degree that's happening here. We hear quite a bit about data privacy when it comes to AI, but not as much about actual data protection functionality. I also agree that the visual you painted of these applications being moving targets is very much true. You talked about vector databases, for example, but it's also true of the training data, which certainly has data protection and privacy considerations, as well as the models themselves and any outputs. When we start to look at generative AI, there's a whole host of different factors that need to be considered here. Are you seeing that as well from Dell's side?
Kenneth Bachman: Yeah, absolutely. I think this is going to lead us right into a discussion of the regulatory climate around all of this as we move forward in the conversation. But yes, absolutely, there are certainly circumstances. Take a common example from the cyber landscape and how it has evolved in recent history: you see accountability arising at the C-level, and even personal accountability of executives and corporations for things that happen. While that hasn't yet been set as a specific precedent around AI systems, I don't think we're that far away from it.
Certainly there have been circumstances where legal precedents have been set which essentially dictate that companies are going to be held accountable for whatever decisions their AI platform makes on their behalf, regardless of whether those decisions align with their policies, right? So yeah, I think this is a challenging climate for customers to navigate at the moment. It's constantly changing and evolving, and things are going to get more challenging as regulations begin to be applied to these platforms.
Krista Case: Absolutely. I think you hit the nail on the head, Kenny. This is certainly moving fast, and I think we will start to see new regulations, or existing regulations being adapted, for AI. As you referenced, we're already seeing some legal precedents, which is quite interesting. Also, one thing we can't forget is that existing laws and regulations apply to AI applications as well; of course these are not exempt. So there's certainly a strong and increasing drive that we'll continue to see from a regulatory standpoint. Now, Kenny, our general topic here is obviously data protection, so I'd love to talk for a minute about how this regulatory environment will have implications for backup and recovery in particular. We've done some work looking at AI, but even beyond AI, looking at regulations and data privacy concerns and how a number of these components of legislation are collectively starting to drive things like best practices and standards. I'd love to get your take through that backup and recovery lens in particular.
Kenneth Bachman: Yeah, I think there are multiple pieces to that. One certainly is the data in the platforms themselves and the duty companies will have to protect those platforms, whether from cyber events, from poisoning of databases, whether intentional or inadvertent, or from bias in these AI platforms. All of these things will ultimately create circumstances where not just the AI platform itself, but certainly the data being used to train it, may be relevant to discovery, along with all the interactions a company's customers have with the platform. Again, to lean back on the example of the company that had a judgment against it around its AI platform: in that circumstance, a customer interacted with the AI platform, which was a chatbot, and it essentially constructed its own interpretation of the company's refund policy.
So this is just a great example of how the behavior of these AI systems may be a little unpredictable or unknown at times. There is, I think, certainly going to be a duty to preserve points in time for these platforms, not purely from a recovery point of view, but from a regulatory point of view, to ultimately demonstrate where we were at that moment in terms of training and the data used to train the platform, which helped it arrive at the decision it made. Those interactions are, I think, going to be key in many cases to how those circumstances are viewed when we look back at them.
Krista Case: A hundred percent. We're certainly seeing that as well. Some of the key checkboxes here are, as you referenced, Kenny, the ability to have those regular points in time to roll back to, and also to meet longer-term data retention requirements. That way, if you have to roll back to a point slightly further back in time, or if you face legal discovery, you're covered; a lot of the regulations we've been referring to have specific requirements for how long data must be retained. From my standpoint, those are a couple of things. There's also the ability to have what we call application-consistent backup and recovery, so that you're able to recover not only the data itself, but the entire application in all of its components. These are, at least from my perspective, a few of the things that really jump out. Anything else from your standpoint, Kenny, that you would add to that list?
Kenneth Bachman: I think you nailed it. Again, these are going to be production platforms in many circumstances, driving critical functions for businesses and making determinations around things like insurance claims, healthcare decisions and treatment plans, and any number of other things. Ultimately, they're going to be absolutely critical to these businesses, and for all the reasons you've described, it will be critical for companies to get the data protection and retention of those copies correct as they go forward.
Krista Case: Certainly, Kenny. We'll get into this in a little more detail when we talk about Dell specifically, but from my standpoint, taking a step back, one of the things that's also very important is having these capabilities built in, baked into the solution, as much as possible, right? When it comes to business functions for AI, a lot of the conversations I have center on the fact that the more these functionalities can be built in by the vendor, the more value the enterprise is going to be able to derive. I think when we look at something like protecting an AI application, that resonates even more, because you have AI developers and others whose job is not to be the data protection expert. So having those guardrails and capabilities built in from the start, I would say, is very critical.
Kenneth Bachman: Absolutely. Our focus as a business going forward is squarely on bringing data protection capabilities to AI itself, right? There are plenty of examples where you can build AI into your data protection platform and produce some operational benefits, whether it be chatbots or things that help you navigate support documentation and solve problems. We'll certainly do those things too; those are all projects in flight. But I think the greater benefit for enterprises won't be the chatbot contained within the data protection software stack. It's really going to be the integration of data protection capabilities directly into the AI platform itself. So we're focusing a great deal of our energy and effort at the moment on doing that with our Dell AI Factory, and through a number of different partnerships today, with the aim of addressing those we believe will be the core consumers of these technologies as we move forward.
This is a little different from traditional data protection platforms and technologies in how and where they get deployed and used. What we see today, in many circumstances, is that the people interacting with these platforms aren't traditional backup administrators or storage administrators; they're in fact the AI developers, AI architects, and AI admins themselves. So our aim is to make data protection an inherent capability of the AI platform itself, and therefore make it easy enough for those operating the AI platform day to day to manage the functions they need, in a manner they're accustomed to. That means simply asking the platform to tell me whether it's protected, or asking it to take a point-in-time backup, with all of that driven through automation rather than through the traditional interfaces and policies we've historically been accustomed to when it comes to data protection.
Krista Case: A hundred percent. Again, Kenny, that really resonates with the conversations I've been having, especially on the practitioner side. I work with a whole range of data protection vendors, Kenny, and I would say there's a lot of buzz in the industry about how to use AI to support data protection, as you're referencing with things like chatbots. But the fact that Dell is talking about bringing data protection to AI, I would say, is unique, and I think it's going to be quite impactful. So with that, I know you referenced the AI Factory, and I know Dell's PowerProtect Data Manager software plays a role here. We do have a few minutes left, so maybe you'd like to touch on, from a software standpoint, what PowerProtect in particular brings to the table for protecting AI applications that's differentiated.
Kenneth Bachman: Yeah, you bet. You nailed it. PowerProtect Data Manager, which is our data protection platform, along with PowerProtect Data Domain, which is the storage platform behind that software, are absolutely central to the capabilities we deliver around AI today. Our focus has been integrating PowerProtect Data Manager as a software stack into Dell's AI Factory. The great news is that the platform was really built for that purpose. We built it in a time and place before AI was really a focus, but we had the understanding and forethought that the data protection technology itself needed to be positioned and designed so it could be wholly driven via automation, where the user interface really just represents a subset of the capabilities of the platform itself.
With the architecture being completely API-enabled through and through, it's quite easy for us to build the automation workflows that hitch it directly into the AI architecture itself and allow AI, in fact, to drive the operation of that platform day to day. Having a protection storage platform that is highly efficient, secure, reliable, and available is obviously key behind all the software orchestration, and Data Domain has proven itself for more than a decade now as the standard everyone else must meet in protection storage. So those really are the two technologies we are building directly into our Dell AI Factory today.
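To make the automation-first pattern described above concrete, here is a minimal sketch of how an AI pipeline might drive protection through API calls rather than a console. The endpoint paths, field names, and identifiers are hypothetical illustrations of the pattern only, not PowerProtect Data Manager's actual REST API; consult Dell's API documentation for the real interface.

```python
import requests

# All endpoints, field names, and identifiers below are hypothetical; they
# illustrate the automation-first pattern only, not Dell's actual API.
BASE_URL = "https://dataprotection.example.internal/api/v1"  # hypothetical
HEADERS = {"Authorization": "Bearer REPLACE_WITH_SERVICE_TOKEN"}


def is_protected(asset_id: str) -> bool:
    """Ask the platform whether an AI asset (e.g., a vector database)
    currently falls under a protection policy."""
    resp = requests.get(f"{BASE_URL}/assets/{asset_id}",
                        headers=HEADERS, timeout=30)
    resp.raise_for_status()
    return resp.json().get("protectionStatus") == "PROTECTED"


def take_point_in_time_backup(asset_id: str, retention_days: int = 90) -> str:
    """Trigger an on-demand, point-in-time backup and return a job ID the
    pipeline can poll; retention is set to satisfy regulatory holds."""
    resp = requests.post(f"{BASE_URL}/assets/{asset_id}/backups",
                         headers=HEADERS,
                         json={"type": "FULL", "retentionDays": retention_days},
                         timeout=30)
    resp.raise_for_status()
    return resp.json()["jobId"]


if __name__ == "__main__":
    # Example: a training pipeline snapshots its vector store before
    # retraining, so a known-good point in time exists for recovery
    # or legal discovery.
    asset = "vector-db-prod-01"  # hypothetical asset identifier
    if not is_protected(asset):
        print(f"{asset} is unprotected; taking a point-in-time backup")
    job_id = take_point_in_time_backup(asset)
    print(f"Backup job {job_id} submitted for {asset}")
```

The point of the sketch is the calling context: protection is invoked by the pipeline itself at meaningful moments, such as before retraining or a model promotion, rather than by a backup administrator through a traditional interface.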
Krista Case: Well, thanks so much, Kenny. I know Dell has a number of technical white papers that we'll be sure to include here, and we'll also include links to the brief I mentioned at the start of our conversation, the one we collaborated on regarding these concepts of data protection for AI applications. Thank you so much, Kenny. If I had to summarize from my perspective, I would say we're certainly seeing the need for data protection for AI applications today, because they are becoming mission critical and they have various components that make them unique. My takeaway, at least from the Dell perspective, is that you're really trying to make this attainable for the developer and the operator by making it self-service, automated, and built in. I love the visual of being able to just ask a question, is this protected, and have the solution run from there and handle it, so that, again, your developer or operator doesn't need to get stuck in the weeds. Anything else from your perspective that you'd add before we close, Kenny?
Kenneth Bachman: No, you nailed it, right? I think this is the new frontier for data protection for sure. If folks aren't focused on this yet, I think it's time to take a look at data protection as one of the core capabilities everyone needs built into their AI architecture. So now's the moment.
Krista Case: I couldn't end on a clearer note than that. Kenny, thank you so much for joining me today. This has been very insightful and enjoyable. We want to thank our audience for joining us as well; we appreciate it. Be sure to keep a lookout for our next episode of Six Five On the Road. Thank you so much.
Kenneth Bachman: Thank you.