AWS Public Sector Blog

Generative AI for public agencies: 5 best practices for secure implementation

This is a guest post from SMX, an AWS Premier Tier Services Partner.

AWS branded background design with text overlay that says "Generative AI for public agencies: 5 best practices for secure implementation"

Generative artificial intelligence (AI) is revolutionizing public agencies by streamlining services and providing valuable insights from large datasets. To keep pace with generative AI’s widespread growth, President Biden issued an Oct. 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. The order provides guidance on responsible AI development and deployment, and sets a timeline for agencies to develop plans to implement generative AI safely.

However, adding generative AI to your agency is not a simple process. “If you’re an organization trying to do AI, it’s easy to do a pilot—but it’s hard to make it an enterprise asset unless you’ve got foundational elements in place,” says Robert Groat, EVP of strategy and technology at SMX, an Amazon Web Services (AWS) Premier Tier Services Partner.

SMX helped one nonprofit agency build a robust architecture in the AWS Cloud that provided them the foundation for building and implementing generative AI tools. In this post, generative AI experts Groat and Anthony Vultaggio, chief technology officer at SMX, explain five best practices they used to help this agency prepare for generative AI.

Keep data privacy and security a top priority

For government agencies, security is a key generative AI concern on multiple levels: the datasets being processed, the integrity of the AI model, and the processing of the data itself. The Executive Order emphasizes the need for maintaining security through robust mitigation efforts, including finding and neutralizing vulnerabilities, reducing the collection of excess data, and anonymizing citizen data.

“To maintain privacy and security, agencies will need robust access controls to restrict access to sensitive data,” says Groat. “That should include data encryption—both at rest and in transit. Plan to implement the same security practices used to meet regulatory compliance efforts around HIPAA and other data privacy regulations.”

To safeguard data, agencies should implement a zero-trust framework, which involves continuously verifying the identity and integrity of users and devices accessing the network. This approach reduces the risk of unauthorized access. Large datasets contain private information, and efforts should be made to anonymize data and maintain firm access control as much as possible.

Ensure equity through human oversight

One of the biggest challenges for federal agencies working with large datasets is avoiding perpetuating bias and violating civil rights in the collecting, processing, and application of that data through AI. A strategy of data minimization—collecting only specific, necessary data for a particular data model—should guide the use of generative AI. With any gathered data, agencies need clear context and validation of the data sources to avoid the introduction of unintentional bias.

Explainability is another mitigation for avoiding bias. “Auditability with your data is important,” says Vultaggio. “You need to be able to show how gen AI got to an answer. If any bias is found, you can reverse-engineer how the model arrived at that answer and fix the problem at the source.”

Maintaining a human being in the decision-making loop is another important way to mitigate bias in generative AI. “Generative AI is great at making numerical predictions with large sets of data, but you need humans overseeing the process to apply empathy and ensure ethical outputs,” says Groat.

Embrace upskilling and a “culture of innovation”

“Sometimes there’s a resistance to change in government agencies,” says Groat. “Maybe they haven’t done the foundational requirements for digital transformation. They may need to introduce some kind of ‘change agent’ for leveraging innovation.” This can be done by building “centers of excellence” around AI projects to cultivate innovation, rewarding leaders who demonstrate new ways to use generative AI at the agency. Communicating these successes and sharing best practices and lessons learned will foster both excitement and the continued growth of AI usage.

Fear of job loss can be another cultural obstacle to generative AI adoption. Agencies should provide intentional upskill opportunities for employees to learn the skills needed to work with AI—while reassuring staff that AI presents an opportunity for reducing repetitive tasks while helping employees focus on higher-value, more rewarding work. For all of these reasons, internal training programs are essential for successful generative AI adoption.

Implement a modern, digital foundation and updated governance

Core elements of digital transformation—firm security architecture, data exchange capabilities, and a foundational data model—all need to be in place to support generative AI. Since generative AI requires pulling from multiple data sources, strict data governance must be implemented around all data access—which starts with a robust API architecture and a modernized portfolio of apps.

“We offer a workshop that looks at the suitability of AI for your agency,” says Groat. “We start by asking prescriptive questions: Have you implemented the core digital transformation steps? Is a strong security foundation in place? Do you have a strong cloud foundation?”

To develop generative AI into a valuable enterprise asset, the core digital foundation and services must be in place, along with the trained staff to operate and manage it.

Establish AI cost controls at the start

Before implementing generative AI, agencies should understand the cost model, which is similar to cloud computing. “With gen AI, you’re being charged per cluster of tokens,” says Vultaggio. “You’ll need something in place that can monitor the burn rate of those tokens to show what your AI spend will be. It can vary greatly depending on the user count or the complexity of the implementation.”

Agencies should consider scheduling an AI readiness workshop to learn how to build a cost-optimized AI architecture. SMX’s Elevate AI labs, for example, include consultation on establishing cost controls, as well as your technological readiness for AI and the suitability of your current environment to deliver the AI outcomes you want. These workshops also include sandbox opportunities to experiment on proofs of value for your AI project.

Unlock the power of generative AI—the right way

With its many layers of complexity, generative AI is not a technology that can be simply purchased and bolted onto your infrastructure. For that reason, choosing the right vendor is critical to the success of your generative AI initiatives. Here are some considerations to guide this decision:

  • Digital transformation is the foundation for generative AI, so your vendor should have a proven track record of success with guiding and developing digital transformation projects.
  • The right vendor will have an intimate familiarity with your agency’s mission, a clear understanding of the desired mission outcomes, and expertise in the technologies needed to support it.
  • Look for someone who is experienced in the unique challenges of high-compliance public sector environments and can operate at the scale of your data and your agency’s mission.
  • Finally, since the generative AI vendor relationship needs to be consultative, your vendor should offer a working partnership with back-and-forth conversations that move toward the best solution for your agency’s mission.

Generative AI has the power to transform government operations and ignite projects and possibilities that had previously been unthinkable—but as a complex and somewhat formidable tool, it needs to be built deliberately and wielded carefully. Working with the right experts can ensure you’re building the infrastructure, policies, and training to help you make the most of this powerful new technology.

Want to learn more? Determine your agency’s generative AI readiness through an SMX Elevate AI lab or attend the SMX session (ID# AIM203-S) at the AWS Summit in Washington, DC, on June 26, 2024.

Read related stories on the AWS Public Sector Blog: