Security and privacy for BMC HelixGPT
BMC HelixGPT is a platform service inside the BMC Helix tenant. It is subject to the same security policies and role-based access as other Helix applications.
BMC HelixGPT connects to the generative AI service provider, such as Azure OpenAI, Azure ML, or Google Cloud Platform Vertex, and all transactions occur through the service. The prompts and contextual data are sent to the third-party Large Language Model (LLM) provider or to the BMC Helix LLM running in the customer's environment. Depending on the use case, either the generic third-party model or the BMC Helix-trained model is used. BMC Helix does not train on customer data for any AI use cases.
BMC HelixGPT prioritizes data security and privacy for every tenant through the following security measures:

Stateless design
For every prompt, BMC HelixGPT seamlessly incorporates contextual data, such as the text obtained from knowledge articles, into the input before submitting it to the LLM. Contextual data is always under the control of the HelixGPT or product administrators.
The following workflow shows how data flows in the BMC HelixGPT architecture for BMC Helix ITSM without being persisted in HelixGPT Agent Studio, Vector DB or the third-party LLMs:

The following table lists the steps in which data flows:
| Step | Performed by | Action | Example |
|---|---|---|---|
| 1 | User | A user submits a query through one of the BMC Helix products. | “I cannot connect to the office Wi-Fi.” |
| 2 | HelixGPT Agent Studio | HelixGPT Agent Studio converts the user query into a partial BMC HelixGPT prompt. | Predefined prompt: “I cannot connect to the office Wi-Fi” Placeholders are added for contextual data. |
| 3 | Vector DB | The Vector DB performs a semantic search on knowledge articles based on the prompt. | Relevant knowledge article is found: Connecting to the office Wi-Fi |
| 4 | LLM | The LLM provides the response to the user query in natural language. | Troubleshooting advice is provided in natural language. |
| 5 | HelixGPT Agent Studio | HelixGPT Agent Studio generates a comprehensive answer to the user query containing the natural language response from the LLM and relevant knowledge articles. | An answer containing the LLM-generated response and links to the relevant knowledge article is returned to the user. |
| 6 | User | The user receives the response through the BMC Helix product from which the query was sent. | "Steps to connect to the Wi-Fi. Sources of information." |
Additionally, the following workflow is an example of the root cause analysis (RCA) use case from BMC Helix AIOps. In this example, data is queried during runtime but is not persisted in BMC HelixGPT Agent Studio or in the BMC Helix LLM:

| Step | Performed by | Action |
|---|---|---|
| 1 | User | An operator or a site reliability engineer (SRE) requests RCA of a situation in BMC Helix AIOps. |
| 2 | BMC Helix AIOps | BMC Helix AIOps queries BMC Helix ITSM to retrieve any changes related to the CIs in the system. |
| 3 | BMC Helix AIOps | BMC Helix AIOps queries log tools, such as BMC Helix Log Analytics, to retrieve relevant log data. |
| 4 | LLM | BMC Helix AIOps queries the BMC Helix fine-tuned LLM, and the LLM responds with the root cause analysis. |
| 5 | User | The analysis is displayed to the operator or SRE. |
Secure permission model
BMC HelixGPT follows a multilevel security model to secure the data:
- At the infrastructure level: BMC Helix uses many data stores as part of the overall platform. Every data store utilizes logical segregation of data and encryption at rest. Specifically for BMC Helix ITSM use cases where vectorized data is used, the Vector DB is built on the OpenSearch cluster and follows the same data security standards as other OpenSearch clusters for BMC Helix ITSM that run in the SaaS infrastructure, which includes encryption at rest for disks.
- At the application level: All data is segregated based on user RBAC within the system. If a user is not authorized for a set of data, then that data is not sent to the third-party LLM provider.
With multilevel security, data is accessible based on a user’s access permissions defined in the BMC Helix ITSM permissions model or in BMC Helix Portal. Any change to permissions is immediately synced with BMC HelixGPT.
BMC HelixGPT uses the end user’s existing permissions to enforce access control. The end user (typically a support agent) has access to the following resources:
- Knowledge articles
- Support tickets
- Enterprise data sources
- Observability data
With BMC HelixGPT, an end user obtains actionable summaries from the resources based on the permissions assigned to the end user and the resources. An access control list (ACL) check is also conducted before the contextual data is returned to BMC HelixGPT to ensure the user has access to the related contextual data.
Examples
- User permission model:
  - An IT Support agent cannot access HR support tickets.
  - A support agent and an administrator receive different answers to the same question based on their user access.
- Resource permission model: Internal KAs and documents are inaccessible externally or publicly.
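The permission behavior described above can be sketched as a retrieval step that applies the ACL check before ranking, so unauthorized chunks never reach the prompt sent to the LLM. This is an added illustration, not BMC code: the `Chunk`, `User`, and function names, the group labels, the tenant names, and the similarity scores are all hypothetical, constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    tenant: str
    doc_id: str
    allowed_groups: frozenset
    text: str
    score: float  # similarity to the query, precomputed for this constructed sample

@dataclass(frozen=True)
class User:
    name: str
    tenant: str
    groups: frozenset

# Constructed sample index; tenants, document IDs and groups are illustrative only.
INDEX = [
    Chunk("acme", "KA-1", frozenset({"it-support", "hr-support"}),
          "Connecting to the office Wi-Fi", 0.91),
    Chunk("acme", "HR-7", frozenset({"hr-support"}),
          "HR ticket: Wi-Fi access during leave", 0.88),
    Chunk("acme", "KA-9", frozenset({"admin"}),
          "Internal: Wi-Fi controller admin notes", 0.80),
    Chunk("globex", "KA-2", frozenset({"it-support"}),
          "Globex Wi-Fi onboarding", 0.95),
]

def authorized(user, chunk):
    """Deny by default: same tenant and at least one shared group."""
    return chunk.tenant == user.tenant and bool(user.groups & chunk.allowed_groups)

def retrieve_context(user, index, top_k=3):
    """Filter by ACL first, then rank, so top_k is drawn only from permitted chunks."""
    allowed = [c for c in index if authorized(user, c)]
    return sorted(allowed, key=lambda c: c.score, reverse=True)[:top_k]

def build_prompt(user, query, index):
    """Assemble the prompt from permitted context; return it with the source IDs."""
    context = retrieve_context(user, index)
    body = "\n".join(f"[{c.doc_id}] {c.text}" for c in context)
    return f"Context:\n{body}\n\nQuestion: {query}", [c.doc_id for c in context]

if __name__ == "__main__":
    agent = User("it_agent", "acme", frozenset({"it-support"}))
    prompt, sources = build_prompt(agent, "I cannot connect to the office Wi-Fi.", INDEX)
    print(prompt)
    print("sources:", sources)
```

Filtering before the top-k cut matters: ranking first and filtering afterwards would let a higher-scoring chunk from another tenant or group crowd out the permitted results.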
Data encryption
BMC HelixGPT leverages data stored in several data stores, which are securely hosted within BMC data centers. These include VictoriaMetrics, BMC AgileGraphDB, and OpenSearch (standard and vector DB). Security is reinforced through full disk encryption (AES-256), ensuring protection for data at rest. BMC manages all encryption keys.
All external API calls crossing the system boundary on the Internet are authenticated and encrypted by using TLSv1.2 and later. BMC data centers use an industry-leading edge firewall and web application firewall for all traffic in and out of the BMC Helix network.
Data isolation
All data in the various data stores is logically separated by tenant and managed by BMC Helix. Data isolation is implemented in BMC HelixGPT in the following ways:
- Tenant data is logically separate.
- Tenant access to the data is also controlled based on the role-based access control (RBAC) and permissions defined in BMC Helix ITSM or BMC Helix Portal.
- Cross-tenant searches are not permitted.
- Access to the prompt library and Vector DB is provided per tenant. You must have the HelixGPT Admin role to view and update the prompts in the prompt library.
- Other observability data is stored in existing data stores with logical tenant separation.
BMC HelixGPT supports “Bring Your Own Model” from generative AI vendors such as Azure OpenAI and Google Cloud Platform Vertex AI for certain use cases.
Data retention
The prompts and contextual data are sent to the third-party Large Language Model (LLM) provider. The customer is responsible for determining the data retention policy for the third-party or customer-hosted LLMs, through the customer's secure and private agreement with the third-party LLM provider (Microsoft, Google, and so on).
If the target LLM is the BMC Helix model, a similar stateless design applies.
OpenSearch (Vector DB) follows the data retention policy of the data sources. The OpenSearch (Vector DB) is synchronized with all its data sources for data retention. For example, if a knowledge article has been unpublished, it is also removed from the Vector DB.
The identities of the stored documents depend on their data sources, such as BMC Helix Knowledge Management by ComAround, SharePoint, or BMC Helix Business Workflows. The documents are stored and identified as a part of the metadata of chunks. Each chunk stores the document ID and other metadata associated with the chunk, chunk content, and chunk embeddings.
Other observability data, which is only queried at inference time, is retained based on published standards.
Handling PII data
Depending on a customer's agreement with the third-party LLM provider, the contextual data (including potential personally identifiable information (PII)) or any sensitive information provided by the end user in the user query is used exclusively for inference and is not incorporated into the LLM. It is, however, sent to the third-party or customer-hosted LLM.
Secure deployment for custom LLMs
BMC supports custom LLMs hosted on Google’s Vertex AI and Microsoft Azure ML for certain use cases. The custom LLM must be securely deployed according to Google Vertex AI security best practices or Microsoft Azure best practices.
- Microsoft Azure/Google’s responsibility
  - Protect the infrastructure
  - Secure the platform
  - Maintain compliance
- Customer’s responsibility
  - Use the latest versions of Vertex AI Containers and VM Images
  - Manage access controls
  - Secure applications through encryption and the service perimeter
  - Monitor for security incidents
  - Comply with applicable laws and regulations for your use case