I work at a Fortune 50 company with hundreds of analysts, engineers, data scientists, and from socializing and networking with people, it’s become really clear to me that a lot of people are using their own PC or paying for AI out of pocket. This was shocking to me, as I thought that the company was funding AI like API GPT for work. But it seems like a lot of people are actually using their own personal computers at home and paying for API access to Claude, GPT4, or even getting local AI models like Llama 3.1. When I was talking to a data scientist specifically, He explains that he spent $2900 out of his own paycheck to get a top of the line computer with a really good processor and RTX 4080 Just so he can run his own local AI model for work in order to solve business problems… Like, I was shocked, they’re not bringing company data onto their own devices or anything, but they are using local AI models to generate code in python, SQL, C#, stuff like that…

Here’s an example of a redditor who appears to be doing the same thing. He talks about how the company is investing strategically long run, but won’t pay for AI resources, so he just pays for it out of pocket. This is actually very common and very similar to what I’ve heard at work!!

Does anyone else have any experience or has heard of This being done? I’ve never heard of this before, but apparently it’s more common than I thought. Pretty crazy to pay out of pocket for this kind of stuff

  • ITeeTechMonkey@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    I hate to say it but company data is most definitely on personal computers.

    This is why stuff like adaptive MFA and DLP are a thing. What most people don’t know is if DLP is properly implemented the IT team/department have records of who, when, where, and what device were used to not just access/download data/files.

    The problem is a lot of companies don’t properly implement DLP because it’s not a turn key solution. You need to properly classify your data first and that requires essentially a company wide audit with buy-in from all levels of management. After the classifications you can then implement restrictions and compensating controls.

    Back in the day you could just block USB/network transfer, but if you have data accessible outside of a corporate network you then need to implement conditional access/adaptive MFA where only registered devices are permitted to access certain systems.