Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Current »

🔒 Data leakage prevention is crucial in today's digital age! It's all about safeguarding sensitive information from unauthorized access or accidental disclosure. At Unique, we take this responsibility seriously. With our cutting-edge technology and robust security measures, we are dedicated to preventing data leaks and ensuring your valuable data remains confidential and protected.

This document outlines the technical considerations and configurations necessary for integrating Unique with the Clients existing DLP solutions to monitor and protect against the leakage of sensitive information. Unique does not offer a DLP itself but the option to integrate an existing DLP.

While some DLP measures are taken by Unique, for some others we depend on the client’s expertise and infrastructure. Below you find methods available to prevent data leaking when using the Unique FinanceGPT Chat.

This article does not outline Unique's additional measures to avoid data loss and leakage (e.g., disclaimer information, terms of use, training, Technical and Organizational Measures (TOMs), opt-out from training, and prompt checking for Microsoft Azure OpenAI Services, etc.) but the options to integrate the clients existing DLP.

Methods

I DLP Proxy

This form of DLP is not implemented by Unique. Unique and its platform profit from the clients existing infrastructure that prevents leakages as it does for any other site like googling it or pasting by accident into a text field.

Unique's clients usually rely on managed devices. Most of them funnel their device traffic through a VPN and a proxy before it egresses out to the internet.

There is also a variation of this setup where the browser uses a browser plugin to pipe all egress traffic first to the DLP itself without relying purely on the network setup1.

This DLP proxy (which may not be its only purpose) has the ability to inspect certain protocols, in Unique's case https. After unwrapping the content (see in diagram B.1), it gets scanned with the DLP and depending on the result either repackaged and egressed(see in diagram B.2) or rejected.

If clients do not feature such a device and proxy setup only route (see in diagram A) remains available and no DLP is possible in this regard.

Performance Impact

Depending on the proxy and DLPs speed, this method can have a latency, speed, and User Experience impact which Unique can sadly not mitigate as they are fully dependent on the clients' system throughput.

II Analytics APIs

Main article: Analytics

This is more of a post-processing, controlling sort of prevention driven by some of our key clients. While actively monitoring user input and trying to avoid leakages, some cases can only be really detected when scanning and post-processing the prompts, messages, and chats.

Unique offers specific Analytics APIs that can be called by a controlling service or automation that in turn runs the content through the client's DLP system.

Output/findings of DLP scans should be regularly reviewed (regular sample checks) by the respective client’s compliance and/or data protection team. It is not the responsibility of Unique to check output (not allowed by contractual terms and also not part of the Unique service offering). Clients should make sure that the output/ findings are handled according to internal guidelines, policies, and regulations.

Performance Impact

This approach does not affect the end users in either latency or speed as it is completely asynchronous.

III Pre-LLM DLP Calling

This feature does not exist and would need to be offered and built.

Scenarios

Scenario

Handled with method

Data/File Upload Scans

Proxy

Usually the existing DLP solutions of the client scan the uploaded files during web browsing activities, the DLP's role is primarily at the proxy level. Here, the DLP system inspects web traffic to identify any potential transmission of sensitive data.

Prompts

Proxy and Analytics API

Unique offers an API that can be integrated with the existing DLP systems to monitor the data being processed. The API is designed to work with the bank's existing security infrastructure to log queries and extract them for DLP inspection.

There is no real-time interception by DLP systems as the response time to receive answers to prompts (questions) would be too long for chat interactions (incl. streaming). Instead, the DLP system will scan the prompts during post-chat analysis. This approach allows for a balance between user experience and security, ensuring that sensitive information is not inadvertently exposed during interactions.

General information on DLPs

In summary, the DLP system works in tandem with web proxies and cloud services to provide a comprehensive security net for all forms of data transmission within the banking environment. By scanning prompts post-chat, intercepting file uploads, and integrating with SharePoint and Azure, the DLP system plays a crucial role in preventing data loss and ensuring compliance with data protection regulations.

The integration of Unique with DLP solutions is a critical step in safeguarding sensitive banking information. By adhering to the guidelines outlined in this document, banks can leverage the benefits of AI while ensuring that their data remains secure and compliant with regulatory standards.

Compatibility

While it is known that certain enterprises manage to force clients to allow-list their domain, Unique is known to be compatible with https (or ssl/tls) interceptors/proxies. If the client is unsure whether their DLP system works with Unique, get in touch with a customer success representative to get a PaaS account to test it out.

Unique relies on state-of-the-art connections, encryptions, ports, and sockets3 without bizarre modifications that are known to malfunction with existing DLP solutions.

Vendors

Unique does not make any vendor recommendations. There are some vendors though that are proven to be compliant with Unique (under regards to 1):

1: This method is known to be breaking or sunset with the upcoming introduction of Manifest V3 into the browsers. The DLP vendors are aware of these issues and work on a solution themselves.

2:

 Disclaimer

Unique acknowledges that certain names, brands, trademarks, or logos mentioned or displayed on our platform are the property of their respective owners. Any references made to these names, brands, trademarks, or logos are for informational purposes only and do not imply endorsement, sponsorship, or affiliation with Unique. We have no intention of infringing upon the rights of the trademark owners, and any use of their names, brands, trademarks, or logos is in accordance with the principles of fair use.

Unique strives to provide accurate and reliable information, but we make no representations or warranties regarding the accuracy, reliability, or completeness of any content related to the mentioned names, brands, trademarks, or logos. Users are advised to independently verify any information and should direct any inquiries or concerns regarding these names, brands, trademarks, or logos to their respective owners.

By using our platform, you agree that Unique shall not be held responsible or liable for any direct or indirect damages or losses arising from the use or reliance on any information related to the mentioned names, brands, trademarks, or logos. It is your responsibility to exercise caution and seek professional advice when necessary.

3: Unique leverages sockets for its chat messages streaming but only uni-directional from the backend services towards the browser and not vice-versa.

Author

Dominik Meyer

  • No labels

© 2024 Unique AG. All rights reserved. Privacy Policy – Terms of Service