How have you adjusted the architecture of your controls for data, identity and access to better support AI governance and security?

The emergence of an actual AI strategy at Celonis has driven a broader technology transformation within the organization. Although Celonis is a relatively young company, with a smaller on-premises footprint compared to older enterprises, we still face the challenge of connecting systems to bring data together in ways that make AI truly useful. The development of a strategy around data warehousing has prompted changes to our controls in identity and access management, as well as data governance. The fact that we now have a comprehensive strategy is forcing these changes, rather than simply reacting to individual use cases as they arise. This shift is beneficial for the organization, as it moves us away from ad hoc solutions and toward a more unified approach to AI governance and security.

We aim to follow best practices and measure how we apply them, especially as we adjust our controls to support AI governance and security. On the data side, we are refocusing efforts on data classification and strengthening how we tag data. This includes revisiting our Data Loss Prevention (DLP) program to ensure it aligns with the expanded reach of AI products and services. When using these services in-house, it’s important to assess the sensitivity of controls in place. For example, visibility of information and sensitivity management are critical, as highlighted in recent discussions. We have all experienced incidents of data leakage, and it is never a good outcome. Strengthening these controls is essential to maintaining security as we integrate AI into our operations.