The new DeepL security features enabling fully compliant innovation with Language AI
Neste post:
- Keeping control of innovation – and preventing Shadow AI
- DeepL’s commitment to advancing security and compliance
- The DeepL features setting new standards in AI security
- 1. Bring Your Own Key encryption for DeepL Pro Enterprise
- 2. Multi-factor authentication for all DeepL plans
- 3. Network access restrictions for DeepL Pro Ultimate and Enterprise
- 4. App deployment controls for DeepL Pro Advance, Ultimate and Enterprise
- 5. Domain capture for DeepL Pro Ultimate and Enterprise
- 6. Account impersonation consent for all plans
- 7. Audit logs for all plans
At mid-market and enterprise organizations, it can feel like innovation is in constant tension with security and compliance. Department heads and teams push for new AI tools. CEOs and Managing Directors set targets for adopting the technology. Somewhere across the office, Chief Technology Officers (CTOs), Chief Information Security Officers (CISOs), procurement and compliance teams find themselves putting on the brakes.
We know this, because it’s at the forefront of many of the conversations that DeepL has with our customers at large organizations when they first adopt our Language AI platform. Clients from highly regulated industries like law, healthcare and finance often tell us about previous AI initiatives that never made it past the compliance review stage, usually due to a lack of control over what happens to company data. When agreements are open-ended about how AI platforms access and use your data, initiatives can’t pass the security and compliance test.
Keeping control of innovation – and preventing Shadow AI
The challenge that these businesses often face—and the constant concern for their compliance teams—is that it’s not just the C-suite that’s pushing to innovate with AI. In their own way, every team and every employee are pushing for it, as well.
With AI everywhere, employees expect to be able to use the same tools for work as they do in their personal lives. They expect AI to help with drafting an email, searching for information online, summarizing a report–or translating any of these things. When businesses drag their feet on adopting AI as an organization, they increase the risk of employees taking the initiative themselves. As a result, employees will often upload information and data into unsecured tools, with no record of what’s being shared.
When it comes to innovation, security, and compliance, slow and steady doesn’t necessarily win the race. Not when it increases the risk of this type of “Shadow AI” activity. The best way to remain secure and compliant in an era of AI everywhere is to work with a partner that enables you to innovate with AI in a secure, transparent, and accountable environment. You need a partner that’s as committed to the security of data and information as you are. It’s even better if you have a partner that’s committed to pushing security standards forward—that innovates on security and compliance in the same way it innovates on platform features and capabilities.
DeepL’s commitment to advancing security and compliance
That’s exactly what we’re committed to doing at DeepL. Ever since the launch of our Language AI platform in 2017, we’ve made security and data privacy central to our design and the way our platform operates. DeepL has always complied with strict security and data privacy standards like ISO 27001, SOC 2 Type 2, and GDPR— it’s a huge part of the value of our Language AI platform for enterprise organizations.
This is an approach that doesn’t just result in certifications; it results in DeepL meeting the standards of strict internal audits from customers in regulated industries, and complying with regulations that other AI solutions can’t meet.
The DeepL features setting new standards in AI security
Our commitment to security and compliance doesn’t end here. We are determined to continue making it easier for businesses to stay in control of their data and confidential information, while giving teams the freedom to innovate with Language AI. This involves constantly enhancing the tools we provide for administrators, giving them even greater visibility into how their data travels through DeepL’s systems and all of the different points it touches. It provides transparency into how every employee is using DeepL, ensuring that they do so in secure, logged-in environments. It equips enterprise organizations with encryption solutions that give them absolute control over who can read data, and that can instantly put that data out of everyone’s reach, if needed.
In the last six months, we’ve launched seven enhanced security features that give CISOs, CTOs and administrators the greatest control and visibility possible—and that enable even the most strictly regulated industries to innovate with DeepL’s Language AI, in confidence:
1. Bring Your Own Key encryption for DeepL Pro Enterprise
Data that passes from our customers to DeepL has always been encrypted with the latest encryption methods, so that only DeepL and the customer can access it. Bring Your Own Key encryption is an innovative new approach to encryption technology that provides our enterprise customers with even higher levels of control and security. The customer generates their own custom encryption key when sending data to DeepL and that key is only used for that particular customer’s data. When the customer chooses to share the key with DeepL, we can access their data. However, they can take away this access at any time by withdrawing the key. This takes a matter of seconds, and it means that the data is no longer accessible by anyone—not by DeepL and not by the customer.
A good analogy is when you check into a hotel room and receive your room key from reception. It’s your key, nobody else staying in the hotel has it, and nobody else staying in the hotel can access your room. However, you know that the hotel manager and their employees can access your room whenever they need to.
But with Bring Your Own Key encryption, this changes. You are in charge of the key. You choose whether the manager can access your room. And when you decide that nobody should be able to enter your room anymore, you destroy the key and they can’t.
It would be a terribly inefficient way of running a hotel, with lots of rooms that nobody can ever get into again. However, it’s a fantastic way of protecting data, with the customer in complete control and always able to put that data beyond anyone’s reach. This is why Bring Your Own Key encryption is so valuable for DeepL enterprise customers in regulated and sensitive industries like healthcare and finance. It’s one of the most advanced security innovations of any platform, anywhere
2. Multi-factor authentication for all DeepL plans
Any DeepL customer has the opportunity to set up multi-factor authentication (MFA), which requires anyone logging into their account to verify their identity in two different ways. MFA for DeepL uses login credentials and passwords, combined with a verification code from an authenticator app.
3. Network access restrictions for DeepL Pro Ultimate and Enterprise
Network access restrictions provide administrators with an extra level of control by requiring that any employee accessing DeepL has to be logged in as themselves in order to do so. Keeping track of exactly who is using DeepL and what they’re using it for provides IT security and compliance teams with a valuable audit trail.
4. App deployment controls for DeepL Pro Advance, Ultimate and Enterprise
Our app deployment controls enable administrators to use Mobile Device Management (MDM) software from approved providers, like Jamf Pro, Microsoft Intune and VMware Workspace ONE, to manage how employees use the DeepL app on mobile devices. This includes controlling who has access through a mobile device, and being able to track what they use DeepL for.
5. Domain capture for DeepL Pro Ultimate and Enterprise
Domain capture detects when anyone signs up for DeepL using one of your company’s email addresses, and ensures that they are routed to your secure, corporate DeepL account. It’s another valuable tool for helping administrators ensure that everyone is using DeepL in a compliant way.
6. Account impersonation consent for all plans
We’ve made it easy for administrators to control when they want DeepL to have access to their account with a simple ‘Account Access’ toggle in settings. Switching this to on enables DeepL customer support teams to temporarily access your account to help with account management, troubleshooting or user onboarding. Switching it off removes this permission.
7. Audit logs for all plans
DeepL maintains detailed logs of every significant interaction with your DeepL account over the last three months, including any failed login attempts or account deletions. This enables compliance teams to keep track of any unauthorized access attempts, and ensures that all employees are using DeepL in the way they should.
DeepL's commitment to advancing security and compliance for Language AI is being recognized through additional certifications from the world’s most highly regulated industries. Most recently, DeepL achieved compliance with the Health Insurance Portability and Accountability Act (HIPAA), a US federal law designed to protect sensitive medical information by enforcing strict standards for storing, processing and transmitting health-related information. Confirmation that DeepL complies fully with HIPAA is further assurance of confidentiality, integrity and security, not just for companies handling Protected Health Information (PHI), but for any dealing with sensitive and confidential data.
