From Idea to Innovation: The 3 Step Beginner’s Guide to Navigating Generative AI

Stephen Manley, CTO

Generative AI (Gen AI) success stories are everywhere, and your CEO has a serious case of FOMO (Fear of Missing Out). As a result, Gen AI is now one of your top priorities! If you’re anything like we were, you have no idea how to succeed. Your people are afraid of falling behind… but they’re also afraid of eliminating their jobs. Your legal and security teams are afraid of losing data… but they also know cyber attackers are already using Gen AI. You want to build something yourself… but you have no idea where to start.

We’ve spent the last year ramping up our Gen AI program. We’ve made mistakes. We’ve irritated most of the executive team (usually on purpose). But, we’re proud of our progress. In this post, we’ll discuss the three steps that got us rolling.

Step 1: Create a Task Force to Set Guidelines

We had to create guardrails around Gen AI usage, but the technology is evolving so quickly that a policy could not be set in stone. 

As a result, we created a Gen AI task force made up of legal, IT, and InfoSec to actively manage the policy. The task force had 3 rules:

  1. You can’t control everything. There is no way to track or block access to all Gen AI tools. Therefore, we chose to trust our employees. We focused on the highest risk areas (e.g. core IP, systems of record), defined the policy, and explained to the teams why we needed to be cautious. 

  2. Make the process simple. After the “shadow IT” experience of the early cloud years, it has to be simple for people to get Gen AI tools approved or you’ll get “shadow AI.” Therefore, we integrated approval into our standard procurement process. 

  3. Learn from others. We talk with our trusted vendors (e.g. AWS, Salesforce) to understand what policies work for them. Similarly, many of our prospects ask me about how Druva manages Gen AI before even asking about our product roadmap. 

Bonus Lesson: There will always be surprises. When examining coding co-pilots, the legal team worried about IP. What if an employee auto-generated code and then tried to patent it? It wasn’t a serious threat, because we patent ideas, not source code. The real threat, however, is from the open-source code the co-pilots are trained on. If a co-pilot is trained on code from restrictive licenses, the code it generates could be considered subject to that restrictive license! 

Step 2: Build a Community of Practice

Once we had a team in place to protect the company, we wanted to encourage the adoption of Gen AI tools. 

We recruited one person from each major group in the company to be part of our Gen AI Tiger Team. We didn’t choose the most senior people; we chose the most excited ones.

As we formed the Tiger Team, we adopted 3 rules:

  1. Avoid fear tactics. People are interested in Gen AI, so we want to foster their excitement rather than threaten them. We want exuberant creativity, not grudging compliance. 

  2. Celebrate the wins. We can make evergreen training videos, where we type in new content and Gen AI makes it look like I’m speaking. We have an internally trained GPT that answers product questions. We optimized our coding. Each of these is an amazing step forward that saves time and improves the quality of work. And is done using cool technology from our vendors!

  3. Focused is better than general. Tiger Team members often want to start with the most generic tools (e.g. ChatGPT), but we encourage them to find specific solutions. The Gen AI Task Force rarely approves general tools because it is difficult to control how they are used, and it is easier to evaluate success when you are addressing a specific problem. 

Bonus Lesson: Measure early, measure often. Somebody — the CEO, CFO, or that annoying person you see in the break room — will ask what benefit the Gen AI tools are bringing to the company. It doesn’t always have to be in dollars, but measure each initiative. 

Step 3: Build Your Own Custom Gen AI Solution

Not everybody will need to take this step, but you’d be surprised how many of you will. 

When we began creating Dru, your copilot for security, we began with (you guessed it!) three rules:

  1. Constrain the problem. Building Gen AI solutions is challenging because of hallucinations. We focused on helping customers troubleshoot backup failures and security threats. The use cases are well-defined, so we were able to put in place strong guardrails to catch/prevent hallucinations. Additionally, customers receive Dru’s recommendation, so there is an extra layer of human validation before taking action. 

  2. It’s all about the data. First, you need enough data to train the model. In our case, even though failures and security events are rare, we have a large training data set because we have thousands of customers. Second, you need to maintain customer privacy. As a natively multi-tenant SaaS solution, everything is automatically separated for us, but you may need to separate your customers’ data. Third, augment the LLM with Retrieval-Augmented Generation (RAG) — your data that helps guide the general model — to better fit your use case. 

  3. Flexibility is key. We didn’t spend millions of dollars on hardware. Admittedly, as a cloud-native SaaS company, it didn’t occur to us to buy hardware, but I’ve met customers who bought infrastructure before they knew what to do with it. We used Amazon Bedrock because it let us invest incrementally and easily test different LLMs. Things are changing so quickly, this is not the time to get locked in.

And now, the final bonus lesson: Integrate your Gen AI solution into your product, don’t build something separate. Your Gen AI solution should have the same security, privacy, authentication, authorization, and management model as the rest of your product. Gen AI is not a “one-off.” It’s part of your product. Our AI Task Force is holding our vendors to that standard, so we hold ourselves to it, as well.

Gen AI is the New Cloud

Companies are investing without knowing why. Employees alternate between excitement and fear. It’s only a matter of time before a company practically destroys itself by pushing too far too fast. That much power can be frightening. 


As with the cloud, Gen AI is a once-in-a-generation opportunity. It will change how we interact with each other, how we interact with computers, and how computers interact with one another. So don’t try to hide from it. By following Druva’s three steps, you can embrace Gen AI, grow your career, and help your company take the lead in its market.

Hello, Dru!

Want an introduction to Dru, your new copilot for security? We’ve got you covered. It’s data security that adapts to you, not the other way around. Meet Dru by taking a quick test drive of Druva’s data security for Amazon EC2 with our product tour. See how Dru solves backup errors with ease, enables you to navigate the platform in seconds, and more.

Check out our on-demand webinar to learn more about how Druva’s Generative AI helps you to make smarter IT decisions with a more intuitive, efficient, and personalized experience. Data security has never been smarter or easier.