Immuta, the data security experts, announced the launch of new data governance and audit capabilities for Retrieval Augmented Generation (RAG)-based GenAI solutions across multiple cloud platforms. This makes the company first-to-market with a multi-layer architecture for securing, monitoring, and auditing sensitive data accessed by RAG-based AI applications. Before we get any further into this development, we must acknowledge how, according to a recent survey done by Immuta, 80% of data experts agree that AI is making data security more challenging. Having said so, nearly 88% of participants also claimed that employees are using AI, regardless of whether the company has officially adopted it or not. Such a reality, like you can guess, comes with potential to cause friction between AI users and IT, as well as orchestrate rogue or unsanctioned use of AI tools, known as shadow AI. To address the same, there has emerged a need for lines of defenses across the storage layer, data layer, and prompt layer. Talk about different layers of defense on a slightly deeper, the storage layer and first line of defense, for instance, is where unstructured data remains at rest, most commonly in Amazon S3, ADLS, or Google Storage. Here, Immuta collaborated with AWS to develop a native Amazon S3 integration that enforces fine-grained and scalable access control on unstructured data stored in S3. Hence, with Immuta, attribute-based access controls (ABAC) are trickled down to the storage layer, which is critical in securing the first line of defense.
Moving on to the data layer and second line of defense, it is where unstructured data is transformed for model training and encoded for RAG use cases. We get to say so because using RAG enables large language models (LLMs) to utilize domain specific knowledge sources, thus improving timeliness and reducing hallucinations. More on the same would reveal how Immuta’s latest brainchild brings forth control access to the storage layer with multi-layered policies for securing sensitive data when building RAG indexes. Next up, we must dig into its ability to maintain a highly accurate and granular metadata inventory of RAG indexes with topic-based classification of row-level data and RAG indexes. We referred to how the new solution delivers control access to storage layer, but what still remains to be discussed is its knowhow when it comes to conceiving a similar control access to RAG-based applications. Such an access is markedly enforced at the data layer to give data platform teams control through natural language policy creation, prompt/query-time policy enforcement, multi-platform RAG support from Snowflake and Databricks, and domain-specific RAG policy.
Rounding up highlights would be the solution’s promise of monitoring and auditing RAG index access with operational monitors that provide a continuous view into RAG operations and a single view of AI application data access across all supported platforms.
“Operating at the first two lines of defense – the storage and data layers – is essential to scaling secure enterprise AI workloads,” said Mo Plassnig, Chief Product Officer at Immuta. “With Immuta, data teams now have a single control plane for policy enforcement, visibility, and auditing at the storage and data layers that works across multiple cloud platforms and RAG models. This means data teams are able to leverage the significant investments they have made in their cloud data platforms, and rapidly extend their platform capabilities to their AI application workloads.”