Intelligente organisatie AI systems

Integrating security, compliance, and session management when deploying AI systems

As enterprises adopt AI (artificial intelligence), they'll need a sound deployment framework that enables security, compliance, and session management.

As accessible as the various dimensions of AI are to today's enterprise, one simple fact remains: embedding scalable AI systems into core business processes in production depends on a coherent deployment framework. Without it, AI's potential automation and acceleration benefits almost certainly become liabilities, or will never be fully realized.

This framework functions as a guardrail for protecting and managing AI systems, enabling their interoperability with existing IT resources. It's the means by which AI implementations with intelligent bots interact with one another for mission-critical processes.

With this method, bots are analogous to railway cars transporting data between sources and systems. The framework is akin to the tracks the cars operate on, helping the bots to function consistently and dependably. It delivers three core functions:

  • Security
  • Compliance and data governance
  • Session management

With this framework, AI becomes as dependable as any other well-managed IT resource. The three core functions each need to be supported as follows.


A coherent AI framework primarily solidifies a secure environment for applied AI. AI is a collection of various cognitive computing technologies: machine learning, natural language processing (NLP), etc. Applied AI is the application of those technologies to fundamental business processes and organizational data. Therefore, it's imperative for organizations to tailor their AI frameworks to their particular security needs in accordance with measures such as encryption or tokenization.

When AI is subjected to these security protocols the same way employees or other systems are, there can be secure communication between the framework and external resources. For example, organizations can access optical character recognition (OCR) algorithms through AWS or cognitive computing options from IBM's Watson while safeguarding their AI systems.

Compliance (and data governance)

In much the same way organizations personalize their AI frameworks for security, they can also customize them for the various dimensions of regulatory compliance and data governance. Of cardinal importance is the treatment of confidential, personally identifiable information (PII), particularly with the passage of GDPR and other privacy regulations.

For example, when leveraging NLP it may be necessary to communicate with external NLP engines. The inclusion of PII in such exchanges is inevitable, especially when dealing with customer data. However, the AI framework can be adjusted so that when PII is detected, it's automatically compressed, mapped, and rendered anonymous so bots deliver this information only according to compliance policies. It also ensures users can access external resources in accordance with governance and security policies.

Session management

The session management capabilities of coherent AI frameworks are invaluable for preserving the context between bots for stateful relevance of underlying AI systems. The framework ensures communication between bots is pertinent to their specific functions in workflows.

Similar to how DNA is passed along, bots can contextualize the data they disseminate to each other. For example, a general-inquiry bot may answer users' questions about various aspects of a job. However, once someone applies for the position, that bot must understand the context of the application data and pass it along to an HR bot. The framework provides this session management for the duration of the data's journey within the AI systems.

Key benefits

The outputs of the security, compliance, and session management functions respectively enable three valuable benefits:

No rogue bots: AI systems won't go rogue thanks to the framework's security. The framework ingrains security within AI systems, extending the same benefits for data privacy. This can help you comply with today's strict regulations in countries such as Germany and India about where data is stored, particularly data accessed through the cloud. The framework prevents data from being stored or used in ways contrary to security and governance policies, so AI can safely use the most crucial system resources.

New services: The compliance function makes it easy to add new services external to the enterprise. Revisiting the train analogy, a new service is like a new car on the track. The framework incorporates it within the existing infrastructure without untimely delays so firms can quickly access the cloud for any necessary services to assist AI systems.

Critical analytics: Finally, the session management function issues real-time information about system performance, which is important when leveraging multiple AI systems. It enables organizations to define metrics relevant to their use cases, identify anomalies, and increase efficiency via a machine-learning feedback loop with predictions for optimizing workflows.

Necessary advancements

Organizations that develop and deploy AI-driven business applications that can think, act, and complete processes autonomously without human intervention will need a sound deployment framework. Delivering a road map for what data is processed as well as how, where, and why, the framework aligns AI with an organization's core values and is vital to scaling these technologies for mission-critical applications. It's the foundation for AI's transformative potential and, more important, its enduring value to the enterprise.

Source: Ramesh Mahalingam

Author: TDWI