Compliance Uncomplicated Episode 10: The Power of Secure AI Solutions With Labelbox
by Alexa Ovenshire
In our latest episode of Compliance Uncomplicated, we had the pleasure of hosting, Labelbox’s Senior Information Security Risk and Compliance Analyst, Derek Espiritu. Derek's expertise in compliance, security, and AI, and his passion for building trusting relationships, has been instrumental in shaping Labelbox's approach to delivering secure AI solutions.
Our very own Director of Creative Services at Drata, Elliot Volkman, spoke with Derek as he shared valuable insights into the nexus of compliance frameworks, AI, and data protection.
In this episode recap, we'll dig into the key highlights from the interview, giving you a peek into Derek's journey and the meaningful lessons he's picked up along the way.
Labelbox: Empowering AI Innovation With Trust and Compliance
Labelbox is a leading AI platform that delivers a full suite of services including data curation, AI-assisted labeling, model training and diagnostics, labeling services, and easy-to-use APIs. Labelbox's powerful annotation and data labeling platform makes training and refining computer vision and language models a breeze. Their wide range of tools and services enables organizations to build better AI products faster than ever before.
Labelbox’s Commitment to Compliance
Labelbox's proactive adoption of compliance frameworks, coupled with a robust security culture, demonstrates their dedication to trust and data protection—and adherence to key compliance frameworks as they’re currently undergoing both SOC 2 and ISO 27001 audits simultaneously.
Derek underscores that compliance isn't just about ticking boxes—it's a critical part of building trust with customers. By investing in compliance and adopting solid security practices, organizations can instill customer confidence and set themselves apart in the competitive AI landscape.
Building Trust in the Age of AI
In an era where AI advancements are rapidly evolving, trust becomes even more paramount. Derek drew attention to the potential risks associated with AI and data breaches, emphasizing that as AI innovates, so do the efforts of malicious actors.
"Breaches happen, and they're happening all over the place. As much as AI is innovating, so are the red teams and the black hats."
The need for trust amplifies with the vast amounts of data that AI models process. He used ChatGPT, one of the largest language models of all time, as an example—it holds trillions of data points, each one potentially up for grabs.
Investing in compliance and adopting robust security practices lets organizations instill confidence in their customers. This trust factor becomes a competitive edge, enabling organizations to better differentiate themselves and establish long-lasting partnerships.
Transparency Instills Confidence
Derek also touched on how transparency around security measures and adherence to robust compliance frameworks instills confidence in customers.
Labelbox embraces transparency as a way to instill confidence in its customers. By providing a comprehensive security documentation package to customers after signing an NDA, Labelbox offers detailed insights into their security practices. This transparency builds trust and reassures customers that their data is in safe hands.
Navigating Compliance and Leveraging Drata
In this episode, Elliot and Derek dive into the intricacies of compliance frameworks, with a particular focus on SOC 2 and ISO 27001.
Derek stressed the importance of these frameworks as the gold standard for organizations, referring to Labelbox's decision to pursue both simultaneously. Being audited against these frameworks demonstrates Labelbox's commitment to providing the most secure platform for customers.
The conversation also touched on the challenges of managing multiple audits at the same time. Derek highlighted the importance of careful planning and coordination to ensure a smooth process. By maintaining an organized calendar, following a structured approach, and using Drata, Labelbox efficiently manages its compliance initiatives.
Embracing Compliance Platforms
Leveraging a compliance automation platform can vastly simplify the process of maintaining compliance and security.
Derek shared his experience being introduced to Drata when he joined Labelbox, and how it opened his eyes to the possibilities of streamlined evidence collection processes and time-saving documentation management.
“Drata transformed the tedious process of manual evidence collection into an efficient, centralized experience.”
By adopting compliance platforms like Drata, organizations can streamline their compliance processes, improve efficiency, and maintain an up-to-date security posture—focusing on core security practices while meeting compliance requirements.
Advice for Companies Getting Started on Their Compliance Journey
For organizations embarking on their compliance journey, Derek offers valuable advice throughout the episode:
As Derek puts simply, “The best time to start is now.” Don't delay—start implementing security and compliance measures as soon as possible. Even basic policies can show customers that you are committed to protecting their data.
Research Applicable Frameworks
Start by researching the compliance frameworks that are relevant to your industry. SOC 2 and ISO 27001 are considered gold standards and should be implemented as early as possible.
Build a Security Culture
Foster a security-first mindset within your organization. Conduct security awareness training and encourage practices like screen locking and laptop security, especially in remote work environments.
Embrace transparency by providing comprehensive security documentation to customers. This transparency builds trust and instills confidence in your organization's security practices.
Embrace Compliance Platforms
Leverage dedicated compliance platforms, like Drata, to streamline your compliance processes. These platforms simplify evidence submission and documentation management, allowing you to focus on core security practices.
Listen to the Episode
As organizations embark on their compliance journeys, they can learn from Derek’s experiences and the practices implemented at Labelbox. By prioritizing compliance, embracing security best practices, and leveraging innovative AI platforms, organizations can build trust, protect data, and create remarkable AI products that drive the future of technology.
To learn more about Labelbox's suite of products and services, visit Labelbox's website. You can also reach out to Derek directly via email at [email protected] for further questions or to chat more about the exciting possibilities of AI innovation.
Want to be in the know? Subscribe to our newsletter, Trusted, to keep up with the latest news.