Consequences of having a public azure search for Azure open ai 'add your data' feature

lakshmi 746 Reputation points
2024-03-22T12:00:19.2133333+00:00

We are configuring data from a public storage account to Azure Open AI using 'add your data'.

Currently, we don't have any private endpoints enabled for the Azure search so we are using public Azure search for indexing data.

We want to understand more about the consequences of using public search for indexing data from the public storage account.

  • What are the potential consequences of having my data included in the public search service for Azure OpenAI?
  • How is the privacy and security of my data ensured within this service?
  • Are there any regulatory or compliance considerations I should be aware of regarding including my data in this service?
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,171 questions
Azure AI Search
Azure AI Search
An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.
1,015 questions
Azure OpenAI Service
Azure OpenAI Service
An Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities.
3,082 questions
0 comments No comments
{count} votes

Accepted answer
  1. AshokPeddakotla-MSFT 34,016 Reputation points
    2024-03-23T04:46:00.18+00:00

    lakshmi Greetings!

    Please see below answers to your queries.

    What are the potential consequences of having my data included in the public search service for Azure OpenAI?

    When you use a public Azure Search service to index data from a public storage account, both the search and storage accept requests from public IP addresses. This means that anyone can access your data, which can be a security concern.

    If network security is not an immediate concern, you can index blob data using just the connection string and read permissions. However, when you're ready to add network protections, you should see Indexer access to content protected by Azure network security features for guidance about data access.

    In summary, using a public Azure Search service to index data from a public storage account can be a security concern, and you should take appropriate measures to secure your data when necessary.

    Additionally, if your data is included in a public search service, it can be indexed by search engines and made available to the public. This can lead to unintended exposure of your data, which can be a privacy concern.

    To mitigate these risks, you should consider using a private search service or implementing appropriate security measures to protect your data. This can include using private endpoints, implementing access controls.

    How is the privacy and security of my data ensured within this service?

    Note that, Azure OpenAI supports encryption of data at rest and in transit. This means that your data is protected from unauthorized access both when it is stored and when it is being transmitted between services.

    Azure OpenAI provides access controls that allow you to restrict access to your data to only authorized users. This can include using role-based access control (RBAC) to manage access to your search service, as well as implementing network security features such as private endpoints to restrict access to your data.

    Azure OpenAI provides auditing and monitoring features that allow you to track access to your data and detect any unauthorized access attempts. This can help you identify and respond to security incidents in a timely manner.

    Overall, Azure OpenAI provides a range of features to ensure the privacy and security of your data, and you can use these features to implement a comprehensive security strategy that meets your specific needs.

    Please see Data, privacy, and security for Azure OpenAI Service for more details.

    Are there any regulatory or compliance considerations I should be aware of regarding including my data in this service?

    There are several regulatory and compliance considerations that you should be aware of when including your data in Azure OpenAI.

    For example, if your data contains personal information, you may be subject to data protection regulations such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). These regulations require you to implement appropriate security measures to protect personal data, and may also require you to obtain consent from individuals before processing their data.

    In addition, if your data is subject to industry-specific regulations such as HIPAA or PCI DSS, you will need to ensure that your use of Azure OpenAI complies with these regulations. This may include implementing appropriate security controls and obtaining any necessary certifications or attestations.

    Microsoft takes data privacy and security very seriously, and has implemented measures to ensure that personally identifiable information (PII) is not shared with OpenAI during the usage of Azure OpenAI Service. The same has been mentioned in the FAQs as well. For more information, see the Azure OpenAI data, privacy, and security guide.

    Also, check How does the Azure OpenAI Service process data? to understand more about how the data is being processed.

    Data flow diagram for the service

    Hope this helps. Do let me know if you have any other queries.

    If the response helped, please do click Accept Answer and Yes for was this answer helpful.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.