Security and privacy for BMC HelixGPT
Stateless design
For every prompt, BMC HelixGPT seamlessly incorporates contextual data, such as the text obtained from knowledge articles, into the input before submitting it to the LLM. Contextual data is always under the control of the HelixGPT administrator.
The following workflow shows how data flows in the BMC HelixGPT architecture without being persisted in BMC HelixGPT Manager, Vector DB, or the third-party LLMs:
The following table lists the steps in which data flows:
Step | Performed by | Action | Example |
---|---|---|---|
1 | User | A user submits a query through one of the BMC Helix products. | “I cannot connect to the office Wi-Fi.” |
2 | BMC HelixGPT Manager | BMC HelixGPT Manager converts the user query into a partial BMC HelixGPT prompt. | Predefined prompt: “I cannot connect to the office Wi-Fi.” Placeholders are added for contextual data. |
3 | Vector DB | The Vector DB performs a semantic search on knowledge articles based on the prompt. | Relevant knowledge article is found: Connecting to the office Wi-Fi |
4 | LLM | The LLM provides the response to the user query in natural language. | Troubleshooting advice is provided in natural language. |
5 | BMC HelixGPT Manager | BMC HelixGPT Manager generates a comprehensive answer to the user query containing the natural language response from the LLM and relevant knowledge articles. | An answer containing the LLM-generated response and links to the relevant knowledge article is returned to the user. |
6 | User | The user receives the response through the BMC Helix product from which the query was sent. | "Steps to connect to the Wi-Fi. Sources of information." |
Secure permission model
BMC HelixGPT follows a multilevel security model to secure the data:
- At the infrastructure level: The Vector DB is built on the OpenSearch cluster and follows the same data security standards as other OpenSearch clusters that run in the SaaS infrastructure, which include encryption at rest for disks.
- At the application level: All data in the Vector DB goes through per-user access control. If a user doesn't have permission to view certain documents that are indexed in OpenSearch, those chunks or documents are not sent to the third-party LLM provider.
With multilevel security, data is accessible based on a user’s access permissions defined in the BMC Helix ITSM permissions model or in BMC Helix Portal. Any change to permissions is immediately synced with BMC HelixGPT.
BMC HelixGPT uses the end user’s existing permissions to enforce access control. The end user (typically a support agent) has access to the following resources:
- Knowledge articles
- Support tickets
- Enterprise data sources
With BMC HelixGPT, an end user obtains actionable summaries from the resources based on the permissions assigned to the end user and the resources. An access control list (ACL) check is also conducted before the contextual data is returned to BMC HelixGPT to ensure the user has access to the related contextual data.
Examples
- User permission model:
  - An IT Support agent cannot access HR support tickets.
  - A support agent and an administrator receive different answers to the same question based on their user access.
- Resource permission model: Internal KAs and documents are inaccessible externally or publicly.
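The permission examples above can be sketched as an ACL filter applied to retrieved chunks before the prompt is assembled. This is an added illustration, not BMC code: the `Chunk` and `User` fields, the group names, and the sample data are all hypothetical and constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    doc_id: str                  # document ID stored in the chunk metadata
    content: str
    allowed_groups: frozenset    # hypothetical ACL field synced from the data source
    internal: bool = True        # resource-level flag: internal content is never public

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    external: bool = False

def can_read(user, chunk):
    """ACL check for one chunk; fails closed when the chunk has no ACL entries."""
    if user.external and chunk.internal:
        return False                                   # resource permission model
    return bool(user.groups & chunk.allowed_groups)    # user permission model

def build_prompt(user, query, retrieved):
    """Filter retrieved chunks by ACL, then fill the contextual-data placeholder."""
    permitted = [c for c in retrieved if can_read(user, c)]
    context = "\n".join(f"[{c.doc_id}] {c.content}" for c in permitted) or "(none)"
    prompt = f"Context:\n{context}\n\nQuestion: {query}"
    return prompt, [c.doc_id for c in permitted]

# Constructed sample data: what a semantic search might return for one query.
QUERY = "I cannot connect to the office Wi-Fi."
RETRIEVED = [
    Chunk("KA-100", "Connecting to the office Wi-Fi: select the corporate SSID.",
          frozenset({"it-support", "hr-support", "admin", "everyone"})),
    Chunk("HR-TICKET-7", "Payroll dispute raised over the guest Wi-Fi.",
          frozenset({"hr-support", "admin"})),
    Chunk("KA-ORPHAN", "Chunk whose ACL did not sync.", frozenset()),
]
IT_AGENT = User("it_agent", frozenset({"it-support"}))
ADMIN = User("admin", frozenset({"admin"}))
GUEST = User("guest", frozenset({"everyone"}), external=True)

if __name__ == "__main__":
    for u in (IT_AGENT, ADMIN, GUEST):
        print(u.name, build_prompt(u, QUERY, RETRIEVED)[1])
```

Only the text returned in `prompt` would leave the system boundary, so a chunk that fails the check never reaches the third-party LLM provider.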
Data encryption
BMC HelixGPT leverages data stored in Vector DB (OpenSearch), which is securely hosted within BMC data centers. Data security is reinforced through full disk encryption (AES-256), ensuring protection for data at rest. BMC manages all encryption keys.
All external API calls crossing the system boundary on the Internet are authenticated and encrypted by using TLSv1.2 and later. BMC data centers use an industry-leading edge firewall and web application firewall for all traffic in and out of the BMC Helix network.
Data isolation
OpenSearch (Vector DB) is a shared BMC Helix service managed by BMC Software. Data isolation is implemented in BMC HelixGPT in the following ways:
- Tenant data is isolated using index separation.
- Tenant-specific Role Based Access Controls (RBAC) are implemented in OpenSearch (Vector DB). Access to the data in the Vector DB is also controlled based on the permissions defined in BMC Helix ITSM or BMC Helix Portal.
- Cross-tenant searches are not permitted.
- Access to the prompt library and Vector DB is provided per tenant. You must have the HelixGPT Admin role to view and update the prompts in the prompt library.
BMC HelixGPT supports “Bring Your Own Model” from generative AI vendors such as Azure OpenAI and Google Cloud Platform Vertex AI for certain use cases.
Data retention
The prompts and contextual data are sent to the third-party Large Language Model (LLM) provider. The customer is responsible for determining the data retention policy with the third-party or customer-hosted LLMs; with a third party (Microsoft, Google, and so on), the customer does this through its secure and private agreement with the third-party LLM provider.
OpenSearch (Vector DB) follows the data retention policy of the data sources. The OpenSearch (Vector DB) is synchronized with all its data sources for data retention. For example, if a knowledge article has been unpublished, it is also removed from the Vector DB.
The identities of the stored documents depend on their data sources, such as BMC Helix Knowledge Management by ComAround, SharePoint, or BMC Helix Business Workflows. The documents are stored and identified as a part of the metadata of chunks. Each chunk stores the document ID and other metadata associated with the chunk, chunk content, and chunk embeddings.
Handling PII data
Depending on a customer's agreement with the third-party LLM provider, the contextual data (including potential personally identifiable information (PII)) or any sensitive information provided by the end user in the user query is used exclusively for inference and is not incorporated into the LLM. It is, however, sent to the third-party or customer-hosted LLM.
Secure deployment for custom LLMs
BMC plans to add support for custom LLMs hosted on Google’s Vertex AI in future releases. The custom LLM must be securely deployed according to Google Vertex AI security best practices.
- Google’s responsibility
  - Protect the infrastructure
  - Secure the platform
  - Maintain compliance
- Customer’s responsibility
  - Use the latest versions of Vertex AI Containers and VM Images
  - Manage access controls
  - Secure applications through encryption and service perimeter
  - Monitor for security incidents
  - Comply with applicable laws and regulations for your use case