Security & Compliance of AI Machine Translation: What you need to know
Published on 07 May 09:55 by Erik Chan
The information technology industry is set to reach $5.2 trillion in 2020. With this, it is becoming increasingly important to understand and control data that is being shared, stored, and received. Simply put, security and compliance means securing information assets, preventing damage, protecting it, and detecting theft.
Security & Compliance
A company can protect its data if they follow compliance protocols and have security in place. To have proper protection, companies must understand compliance is not the same as security, but security is a big part of compliance. Let me explain:
Compliance focuses on the type of data handled by a company and the regulatory requirements (frameworks) applied to its protection. While this can be straightforward, some companies are required to adhere to multiple frameworks, and making sense of these frameworks can get quick difficult and complicated. The main goal of compliance is to manage risk and often times go beyond data handling. Compliance also oversees policies, regulations, and laws. Compliance covers physical, financial, legal, or other types of risk, and ensures an organization is complying to the minimum of the security-related requirements.
Security on the other hand is a set of technical systems and tools and processes which are put in place to protect and defend the information and technology assets of an enterprise. Security includes permission controls as well as who has access to the data or network. Standardized protocols and tools developed by specialists make security a more straightforward task than compliance. Compliance is multifaceted and is based on a company’s data type and security processes.
Compliance in AI Machine Translation
Now that we've gone through the differences between compliance and security, we will start to understand compliance is less of an issue when only considering the technical aspect of AI machine translation. The reason is simply because machine translation is just a piece of software to process data. Much like a digital calculator where numbers are input into the calculator and produces a resulting numbers; we provide the machine translation software with sentences and it results in a translated sentences. Machine translation software can be setup to run on any server/computer and does not incur any risk on its own.
The compliance risk in machine translation is largely dependent on who's server/computer is being used and who had access to the data prior to feeding it to the machine. Ensuring that the parties who have access to the data prior and post machine translation are verified and trustworthy is the key concern.
Security in AI Machine Translation
From a security perspective, following best practice protocols for the intended level of security will de-risk nearly all issues arising from data access and tampering. To name a few of these protocols, this includes only giving intended person(s) access to the network where the data is stored, using appropriate two-way encryption when transacting data, and using multi-factor authentication systems. As previously described, security is a set of technical systems -it will provide a level of security based on a company's requirement from low to high. In general, higher levels of security is in fact more safe but also much more cumbersome. To give you an analogy, it's like how far one chooses to go to ensure one's diet is vegan, the more precaution the more cumbersome. Incredibly high levels of security is is always an option, but often not practical in the real world.
On-premise Servers vs Cloud Servers (provider hosted)
Everything we've discussed so far brings us to an important topic: on-premise servers vs. cloud servers. As discussed, machine translation software itself isn't really a compliance or security risk, the risk is who is permitted access to the data that is being used for machine translation. One of the main points of interest is whether the data will leave a company's network. Using on-premise servers for machine translation ensures nobody outside the company network has access to the data. Using cloud servers for machine translation on the other hand provides at least one other company (the provider) to have access to the data.
From a compliance perspective, the question is whether you trust the provider with the data. If there is enough trust, this is usually amended to with a confidentiality agreement (NDA), a standard document typically used when working with firms (such as legal or translation agencies) who are dealing with your sensitive data. From a security perspective, the question is more whether you and your provider uphold the security standards they claim to uphold.
It would seem at first glance on-premise servers are the way to go, but there are important advantages in cloud servers as well. This is largely because machine translation software is generally a bit more complicated to operate than say a digital calculator. It requires more expertise to deploy AI software and the software itself also requires more computing power to utilize. In general, AI (deep learning) software is not something typical IT teams are familiar deploying today, and it results in additional costs and longer processes.
Let's compare the pros and cons:
|On-Premise Server||Cloud Server (hosted by provider)
|Requires in-house IT experience||Yes||No|
I've personally found many client's rational incorrect when they think 'cloud' translation is unsafe and should be avoided:
To give you an example, I've come across companies who hire a translation agency to translate their content (data). They do this without realizing the compliance and security risk is likely much higher than using a cloud machine translation provider.
Let me explain: when a company works with a translation agency, they send a document to the agency's human translator & editor through a project manager. Let's also assume the company uses a secure method to send the document (because email is not one of them). This means the document (data) risk is that the document has traveled through a server (to send the document) and three humans (of which at least two of them have read the contents.) In contrast, when a company sends a document to a machine translation provider, the document travels through a server only and is not read by any humans before it is returned back to the company. Obviously this depends on actual circumstances, but generally from a compliance and security standpoint, a machine translation provider is much safer as humans are nearly always the weakest links in any security system.
Have further questions about security and compliance of AI translation? Email me at erik[at]translatefx.com.
Key Takeaway to Share:
- Everything you need to know about Translation Memory
- Hiring post-edit translators
- AI Machine Translation and Terminology Consistency
- Best sites to hire professional translators
- Hiring an in-house Translation Team vs. External Agencies
- Private Banking Digest - 8 June 2020
- Add AI language capabilities to increase cross-border business transactions
- Equity Research Digest - 8 June 2020
- Top 3 challenges translating equity research reports
- What is Neural Machine Translation & How does it work?
- Private Banking Digest - 8 June 2020
- Equity Research Digest - 8 June 2020
- Importance of glossary in legal and financial translations
- Reshaping equity research business with AI
- With the rise of AI translation, why hire human translators
- Is AI Ready to Translate Financial News
- AI translation for Company Financial Reports
- Applying AI translation to Equity Research Reports
- Does my company need a translation management system
- Should my company implement AI translation tools
TranslateFX develops AI translation technology specifically for financial and legal institutions. The company develops AI models and workflow tools for clients of all sizes. We believe humans always play and important part of the process and our tools reduce the time and costs of translation by 60% or more.
- China Securities Regulatory Commission
- China Banking and Insurance Regulatory Commission
- China Banking Regulatory Commission
- People's Bank of China
- U.S. Securities and Exchange Commission
- U.S. Financial Industry Regulatory Authority
- U.S. Financial Accounting Standards Board
- Hong Kong Securities and Futures Commission