NetFoundry’s Ziti Platform enables AI service providers to serve your customers faster and better by eliminating the need for your customers’ infosec teams to give you inbound access (VPN, permitted IPs) to their data centers. Your customers’ stakeholders get faster access to the AI tools they innovate with, and infosec doesn’t need to provide any inbound access to their data centers.
Businesses that consume AI tools directly, without a service provider, use the same solution.
The Ziti platform is available as NetFoundry hosted SaaS (CloudZiti) or as self-hosted open source (OpenZiti).
Use AI and LLMs without multiplying risk
Eventually every business will use Large Language Models (LLMs). Check out HuggingFace for example, or take GPT or Bard for a spin. These models need to be trained on large data sets, and increasingly communicate with APIs and plugins. AI service providers help businesses do this, but the problem is that businesses need to poke holes in their firewalls in order to engage with AI service providers, or to engage directly with distributed AI solutions.
This makes it difficult both for the AI Service Provider and for the business that wants to benefit from AI. Firewall hole punching and VPNs can take days to months to approve and implement (if they get approved at all).
In some cases, the AI Service Provider has to fight this challenge on both sides.
NetFoundry’s Ziti Platform fixes these problems. No inbound access, IP address dependencies or VPN complexity. You can even leverage AI with private DNS and private IPs, even when interfacing with Internet-based AI solutions.
Teams now leverage AI services without poking holes in their firewalls. Ziti software spins up encrypted, outbound-only connections to each private Ziti network overlay, without requiring any infrastructure deployment. Each connection is service-specific, building in microsegmentation and ensuring that no connection can laterally access other connections. The firewall policy enforcement point is moved to the origin of the traffic – traffic never even gets on the private Ziti network if it is not fully identified, authenticated and authorized ahead of time!
Visibility and control of AI and LLMs
Key to the speed and security benefits described above is the level of visibility and control which CloudZiti provides. Organizations need to know who is doing what, and this now extends to LLMs. It is difficult to even plan or budget without having much of an idea of AI usage patterns. Similarly, visibility is critical for security – sensitive data may be flowing out of your customers to their AI solutions. Ziti provides AI providers and your customers with the exact view, at a network level, of data going to every single service. A single click or API call can alter policies to temporarily suspend or permanently block any flow, if necessary.
Your customers want to securely share training data, use third parties to do tagging and annotations, and leverage third-party plug-ins and APIs, so the Ziti model secures APIs and server-to-server traffic with the same zero trust as is used between humans and machines. API usage data is also shown at a network level. APIs are gated at the network level – not facing the Internet at all – even though the API consumers are using the Internet. Specific services and APIs are granted access to training data, in a full mutual TLS (mTLS) architecture, without that training data being exposed to the Internet. Similarly, humans can leverage built-in MFA and posture checks, as well as optionally layer in third-party MFA.
Ziti also helps with data loss prevention (DLP). Each service is defined in both directions, so you can prevent users from uploading to a service while enabling them to consume data from the AI service. This can be very helpful when dealing with quickly developing AI solutions, which often don’t yet have robust DLP built in. This can also be done at any level – API, user, user group, site, etc.
Get started with Ziti and shed the VPNs and firewall holes