Amazon IXD – VGT2 Las Vegas: Strategizing Migrations to Integrate Generative AI


As generative artificial intelligence (AI) solutions continue to evolve, they present unique challenges for ongoing and upcoming migrations. Generative AI complicates cloud migrations by introducing new risks related to data isolation, data sharing, and service expenses. For instance, the US Space Force has halted all generative AI initiatives until it can resolve issues surrounding data aggregation. Because generative AI is a relatively new technology, many migration plans may not have properly accounted for data isolation and lifecycle considerations. The ambition to adopt generative AI may speed up cloud migrations, but planners might overlook potential data risks.

This article covers the technical controls and business solutions AWS provides to address these challenges. It also outlines three key strategies to ensure generative AI does not disrupt cloud migration initiatives:

  1. Involve the Cloud Center of Excellence (CCoE) in generative AI data governance.
  2. Systematize, document, and approve the data architecture that supports generative AI efforts.
  3. Reassess cloud cost and utilization estimates in light of generative AI.

Numerous customers leverage AWS architecture and services to achieve these objectives.

Technical Controls

Adopting a proactive governance strategy minimizes data risks and fosters trust among business leaders eager to utilize generative AI. To effectively govern generative AI data, consider the following AWS services and capabilities:

  • Amazon Bedrock: This fully managed service provides access to high-performing foundation models from leading AI companies. Bedrock simplifies the development of generative AI applications while ensuring privacy and security. It isolates the service within AWS-operated model deployment accounts. When customers execute a model customization job, that model is copied to the customer account and remains private. The model and input data are never utilized to train other models, and it’s advisable to maintain the copy in a dedicated VPC.
  • Amazon Virtual Private Cloud (VPC): Workloads can be isolated inside an Amazon VPC, where customers have complete control over networking configurations.
  • AWS Accounts: Each AWS account acts as a security boundary; data in one account is inaccessible to others by default.
  • Amazon S3 Bucket Policies: These policies grant explicit and granular access controls to restrict data access.
  • Encryption: All interactions with the Bedrock API are encrypted, with Amazon Bedrock data automatically encrypted using the AWS Key Management Service (KMS). Customers have the option to use a customer-managed key for added security. For more detailed information, refer to the Amazon Bedrock User Guide.

Customers may choose to implement Amazon Bedrock in a single account or via a multi-account architecture.
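The bucket-policy, VPC, and encryption controls listed above can be checked before training data is migrated. The following is an added example, not AWS or author code: an offline audit that compares a hardened S3 bucket policy with a weak one. The bucket name, the `vpce-EXAMPLE` endpoint ID, and the function names are assumptions made for illustration.

```python
# Added example: offline audit of S3 bucket policies for generative-AI training data.
# Bucket name and VPC endpoint ID are constructed placeholders, not real resources.
BUCKET = "arn:aws:s3:::example-genai-training"   # hypothetical bucket
EVERYONE = ("*", {"AWS": "*"})

def deny(sid, action, operator, key, value):
    """Build a Deny statement that applies to every principal."""
    return {"Sid": sid, "Effect": "Deny", "Principal": "*", "Action": action,
            "Resource": [BUCKET, BUCKET + "/*"], "Condition": {operator: {key: value}}}

# Constructed policy: TLS only, one VPC endpoint only, KMS-encrypted uploads only.
HARDENED = {"Version": "2012-10-17", "Statement": [
    deny("DenyInsecureTransport", "s3:*", "Bool", "aws:SecureTransport", "false"),
    deny("DenyOutsideVpce", "s3:*", "StringNotEquals", "aws:SourceVpce", "vpce-EXAMPLE"),
    deny("DenyNonKmsUploads", "s3:PutObject", "StringNotEquals",
         "s3:x-amz-server-side-encryption", "aws:kms"),
]}
# Constructed weak policy: anyone may read objects, no guardrails at all.
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
]}

def _list(v):
    return v if isinstance(v, list) else [v]

def has_deny(policy, operator, key, value=None):
    """True if a Deny applying to every principal carries this condition."""
    for st in _list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny" or st.get("Principal") not in EVERYONE:
            continue
        cond = {k.lower(): _list(v)
                for k, v in st.get("Condition", {}).get(operator, {}).items()}
        values = cond.get(key.lower())   # condition keys are case-insensitive
        if values and (value is None or value in [str(x).lower() for x in values]):
            return True
    return False

def audit(policy):
    statements = _list(policy.get("Statement", []))
    return {
        "tls_only": has_deny(policy, "Bool", "aws:SecureTransport", "false"),
        "vpc_endpoint_only": has_deny(policy, "StringNotEquals", "aws:SourceVpce"),
        "kms_required": has_deny(policy, "StringNotEquals",
                                 "s3:x-amz-server-side-encryption", "aws:kms"),
        # Allow statements open to any principal with no Condition attached
        "open_allows": [st.get("Sid") for st in statements
                        if st.get("Effect") == "Allow"
                        and st.get("Principal") in EVERYONE and not st.get("Condition")],
    }

if __name__ == "__main__":
    for name, pol in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(pol))
```

The audit only inspects the policy document; it does not evaluate IAM identity policies, service control policies, or the bucket's default-encryption setting, which also affect effective access.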

Business Solutions

Engage the CCoE

Enhance discussions around generative AI within the Cloud Center of Excellence (CCoE). Generative AI supports not only Line of Business solutions but also broad corporate strategies. It aligns with the governance functions of the CCoE, which oversees an organization’s cloud strategy, adoption, and implementation. The CCoE should take a comprehensive look at how emerging technologies like generative AI may influence current and future migration plans. While new technologies are often viewed as isolated solutions for specific business units, generative AI requires a more holistic examination. When various stakeholders have diverging objectives regarding new technology, the CCoE’s governance role becomes essential in organizing and achieving strategic outcomes.

The CCoE should evaluate how generative AI solutions can mesh with existing cloud architectures and migration roadmaps. This involves identifying dependencies between generative AI and target cloud platforms, along with policy and compliance considerations. Given the rapid evolution of generative AI services, the CCoE must remain vigilant about product updates and adapt migration strategies accordingly. For organizations lacking a CCoE, AWS can provide best practice guidance.

As part of ongoing cloud migration governance, the CCoE should address queries related to data security, compliance, access management, and jurisdictional data issues. For data intended for generative AI training, policies regarding data anonymization, synthetic data, and technical privacy safeguards must be defined. Large Language Models (LLMs) and Foundation Models (FMs) rely on vast datasets for training. When organizations customize their models, anonymizing data is crucial to prevent confidential information from being used. This is particularly significant due to privacy regulations (e.g., GDPR) that limit cross-border data transfers. Examples of sensitive data include health records, employee information, or any confidential documents. Synthetic data can serve as a solution for concerns surrounding confidential data.

Organize Generative AI Architecture

Organizations should pose questions about data migration, sovereignty, and governance concerning generative AI. Migrations entail transferring data and services, and services like Amazon Bedrock are designed with built-in data isolation. However, not all generative AI providers offer such features. While fundamental data governance practices remain applicable, generative AI introduces new complexities regarding rights, access, and jurisdiction over data.


Location:

Amazon IXD – VGT2
6401 E Howdy Wells Ave, Las Vegas, NV 89115

