Building Secure and Compliant AI in 2025: Key Takeaways for Data Leaders from CDAO Perth 2024

Before selecting a model or platform, Boon stressed the importance of data readiness. AI adoption fails when data is siloed, inconsistent, or insecure.

His team has developed AI-driven workflows that combine secure data pipelines with zero-trust principles—ensuring data remains both accessible to those who need it and protected from misuse.

What this means for CDOs in 2025:

• Prioritize data governance and cataloging as part of your AI roadmap.
• Build zero-trust architectures into your AI platforms from the outset.
• Use tiered permission models—from prompt-level access control to middleware-based governance.

→ For more, see AI-Driven Workflows: Secure and Accessible Data.

Chatbots remain one of the fastest ways to deliver value with AI—automating queries, surfacing insights, and reducing dependence on technical staff. Boon showcased how his team deployed enterprise-grade chatbots with frameworks like LangChain, RAG, and GPT-4o, while enforcing single sign-on and scoped access controls.

But he cautioned against uncontrolled rollouts—chatbots can become shadow IT if not governed properly.

What this means for CDOs in 2025:

• Deploy chatbots as controlled pilots with clear access boundaries.
• Audit usage patterns regularly to spot risks or misuse.
• Align chatbot governance with existing data classification policies.

→ See how this works in practice: Boost Business with AI-Powered Chatbots.

The growing scrutiny from regulators, boards, and customers demands more than functional AI—it requires trustworthy AI.

Boon emphasised three cornerstones of AI trust:

1. Privacy by Design – encrypt, anonymise, and minimise sensitive data.
2. Security Controls – apply access restrictions at both system and data levels.
3. Explainability – ensure decisions can be interpreted by humans, particularly in regulated industries.

What this means for CDOs in 2025:

• Treat AI explainability as a governance requirement, not a “nice-to-have.”
• Build privacy impact assessments into every AI project.
• Invest in monitoring tools that surface model behaviour, bias, and drift in real time.

→ Explore further: Generative AI – Privacy, Security, and Explainability.

While tactical use cases dominate today, Boon urged leaders to prepare for the next wave:

• Multi-agent AI systems that collaborate to execute complex enterprise workflows.
• AI TRiSM (Trust, Risk, and Security Management) frameworks that combine governance, compliance, and observability.
• Mesh architectures that integrate AI across data domains without compromising security.

What this means for CDOs in 2025:

• Start mapping AI TRiSM into your enterprise risk management strategy.
• Build cross-functional AI governance councils to align security, data, and business goals.
• Position AI as not just a tool for productivity but a strategic enabler for competitive advantage.

Finally, Boon highlighted that leadership credibility matters. With Boon Solutions named a Qlik Elite Partner and himself a Qlik Partner Ambassador in 2025, his team is setting industry benchmarks in both AI-powered BI and secure, compliant AI deployments.

For data leaders, this signals the importance of partnering with providers who combine deep technical expertise with proven governance experience.

→ AWS – Securing Generative AI: Compliance & Privacy Considerations  A practical risk and compliance framework—including a Scoping Matrix—for evaluating AI projects across security, privacy, and regulatory dimensions.

→ Microsoft– Rethinking Data Security & Governance in the AI Era How tools like Microsoft Purview help centralise policy, governance, and observability for secure AI deployments.

→ Palo Alto Networks – How to Build a Generative AI Security Policy Tactical guidance for AI security—covering prompt injection, access control, plugin oversight, and detecting shadow AI.

→ OECD – Six Policy Considerations for AI, Data Governance & Privacy High-level global policy guidance to align enterprise AI practices with emerging international standards and regulation.

→ DataGalaxy – 2025 AI Governance Best Practices  A business-aligned governance framework for embedding trust, risk policies, and strategic alignment into AI initiatives.

→ Digital Transformation Agency – Policy for the Responsible Use of AI in Government (effective 1 September 2024) This mandatory policy for Australian government agencies sets baseline expectations for AI governance, assurance, and transparency.