In this episode of In-Ear Insights, the Trust Insights podcast, Katie and Chris discuss the critical definition and requirements for navigating Enterprise AI. You’ll learn how to distinguish between consumer-grade tools and the strict standards required in regulated industries. You’ll discover the twenty essential pillars for building a secure and compliant AI strategy for your organization. You’ll understand why rigorous vendor scrutiny matters as much for software as it does for human talent. You’ll gain clarity on the governance frameworks necessary to prevent data leaks and legal vulnerabilities in your enterprise.
00:00 – Introduction
03:15 – Defining Enterprise AI vs. SMB AI
07:45 – The role of Microsoft Copilot in regulated environments
12:20 – The 20 components of Enterprise AI readiness
18:10 – Challenges in organizational adoption and change management
22:30 – Security and data privacy as the foundation
27:00 – Call to action
Watch this episode to master the complex landscape of regulated AI and safeguard your company’s future.
Machine-Generated Transcript
What follows is an AI-generated transcript. The transcript may contain errors and is not a substitute for listening to the episode.
Christopher S. Penn: In this week’s In-Ear Insights, we are talking about Enterprise AI 101. I am in the midst of a series in the Trust Insights newsletter, which you can get at TrustInsights.ai/newsletter. Part one was last week on seven different aspects of enterprise AI. But Katie, you said it would probably be helpful to level set what enterprise AI is and how it differs from SMB AI, mid-market AI, consumer AI, and so on.
Katie Robbert: It is interesting because I feel like every time we jump on to record a podcast, there is a whole new set of vocabulary that I need to get caught up with. We need to make sure that everyone else knows what we are talking about because there is nothing worse than listening to a podcast or reading an article and having no idea what the author is talking about because they are introducing a concept but not really explaining it. I wanted to take this episode to talk about what enterprise AI is. Since you and I have not defined it, I am going to take my best guess at what enterprise AI is using some logic and deduction.
I could be wrong, and that is why I think it is worth covering. From my perspective, if I had to put a definition to it, I am assuming enterprise AI is the type of AI implementation that occurs at an enterprise-size company. That sounds overly simplistic, but the bigger the organization, the more red tape, the more politics, the more departments, the more stakeholders, and the more governance there is. There are a lot more complications versus a small business like we are, where we can just decide one day, “Hey, I am going to start using this tool.” There are no real hurdles to go through.
Then you have those mid-sized companies where you start to introduce some of those hurdles. You might need to work with your IT team to make sure that everything is in compliance. You might need to make sure that you have a place to host these new pieces of software, and that is not something that the marketing team is necessarily responsible for. Then you get to the enterprise-size companies where everything is completely siloed. Even in the best enterprise-sized companies, you are going to run into these silos. Because no one person is responsible for everything, you typically have multiple CEOs. Depending on what part of the country you are in, you might have a board for every different division of the company. If you are a Procter & Gamble and you have hundreds of product lines underneath, each of those is their own individual business. Each of those businesses is not necessarily talking to each other or sharing resources. That is my logical guess at what enterprise AI is.
Christopher S. Penn: That is what I started with until I started doing the research into it. I realized that is not what it is. The generally accepted definition is AI within any commercially regulated entity. I realized as I was going through the research that commercially regulated means you have external regulation imposed on the company. It might be a 50-person company, but if they work in HIPAA or FINRA, they have to behave in highly regulated ways. Whether you are publicly traded or, for example, colleges that have to adhere to FFIEC rules and FERPA rules, enterprise AI is about operating AI—whether classical or generative—in a commercially regulated environment where you have externally mandated requirements that you must meet. Your definition for small business stuff makes total sense in that environment because Trust Insights is not a regulated company. However, when we work with our healthcare clients, we have to behave as though we are an enterprise company because we have to conform to their requirements.
Katie Robbert: I am glad we are talking about this because the terminology is confusing; when you think of an enterprise company, you are not thinking of a commercially regulated company. I have to wonder why it is not called commercially regulated AI versus non-commercially regulated AI. It is a mouthful and a little bit harder to remember, but it is more descriptive and more accurate. I think like me, a lot of people are going to get confused about what enterprise AI actually is.
Christopher S. Penn: A lot of this is because our background is in marketing, so we use the term enterprise to just mean a big company. If we want to market to enterprise companies, we are not marketing to a 50-person firm; we are marketing to a 50,000-person firm. In a lot of CRM software, the dividing line is typically 10,000 employees or 100 million in revenue. This is especially relevant because you see a lot of AI companies like Anthropic and OpenAI in a fight with Microsoft to try and gain a foothold into those enterprises. Microsoft, with their Copilot offering, has dominance by the very fact that their legacy Office 365 stuff is approved in those regulated environments.
Katie Robbert: It is ironic because we spent so much time admittedly dismissing Microsoft’s Copilot as the less than version of generative AI, and now Microsoft is getting the last laugh on everyone. They are saying, “You have to use me because I have already been approved by IT and governance, and good luck.” You are stuck with whatever I decide to give you. If I were Microsoft, I would be petty and say, “You guys spent way too much time dismissing me and calling me inferior, so too bad.”
Christopher S. Penn: A lot of that, as we have talked about many times on stage, is that the reason Copilot has fewer capabilities than other systems is specifically because of the regulated environment. It is trivial for Google to foist something on consumers and say, “Now we are going to read all your Gmail.” That does not fly in a regulated industry.
Katie Robbert: That understanding is really helpful to the people who are saddled with Microsoft Copilot because we hear complaints about why they cannot use other shiny objects. If you are in a 50,000-person company and you weren’t there when the regulatory standards were decided upon, you are sitting there wondering why you cannot use Gemini to generate ad headlines. Then you do it on the side and get in trouble because there is no clear documentation saying why you have to use Copilot and nothing else. What we are hearing is that employees in companies required to use Microsoft Copilot are using other models on the side. That information is still getting filtered into the organization, and it is a huge governance problem.
Christopher S. Penn: Completely. In enterprise AI, there are 20 different components to being ready. I derived this from the US federal government’s NIST AI regulations and the EU AI Act, which is the gold standard.
Katie Robbert: I want to see if you can get all 20.
Christopher S. Penn: One, Strategy and Operating Model; two, Governance Policy and the AI Council; three, Legal, Regulatory, and Compliance.
Katie Robbert: Are you reading this off a screen?
Christopher S. Penn: I am 100% reading this off the Trust Insights Enterprise AI Landscape Field Handbook.
Katie Robbert: Fine, continue.
Christopher S. Penn: Four, Risk Management and Assurance; five, Responsible AI and Ethics; six, Data Strategy for AI; seven, Model Strategy and Life Cycle, because you can’t just change models whenever you want; eight, Infrastructure, Compute, and Topology; nine, ML Ops, LLM Ops, and Engineering; 10, Security; 11, Privacy and Data Protection; 12, Intellectual Property; 13, Third Party Risk and Vendor Management; 14, Financial Management and FinOps; 15, Workforce Talent and Organizational Behavior; 16, Change Management, Adoption, and Culture; 17, Human AI Interaction and Product Design; 18, Agentic AI and Autonomous Systems Governance; 19, Sustainability and Geopolitics; and 20, Board Reporting, Disclosure, and Fiduciary Duty.
Katie Robbert: I just heard a whole lot of new job opportunities listed. So, if someone were working in a regulated industry like pharma, these are the 20 things they would need to be aware of before evaluating generative AI. It is interesting that organizational behavior and change management are part of it. You would think the regulations would be more technical versus human, but I am surprised that is part of it.
Christopher S. Penn: It makes sense because in order for any AI to succeed in an enterprise with 50,000 or 300,000 employees, you have to prioritize change management. Organizational behavior cannot be an add-on; they have to be baked into what you do from the beginning, otherwise your initiative is going nowhere.
Katie Robbert: I don’t disagree, but the typical way that works in a large organization is top-down. They make a decision, and you walk in the next day to find it has automatically updated your computer settings. Now you can no longer use a web browser search; you have to use Microsoft Copilot. That is their version of change management, but it is really just a dictatorship from above. I am interested in future episodes to explore what that should look like in a regulatory environment.
Christopher S. Penn: We have known for two years that adoption is the hardest part. Deployment is easy compared to adoption. You can put Copilot on someone’s desk, but they may not use it even if you tell them they have to. It comes back to how you get them to see the benefits. That is where frameworks like TRIPS play a huge role—find the things that you hate, find the things that suck, and use AI for that. Get that one thing off your plate.
Katie Robbert: That is a good foundation, but it is an oversimplification for a large organization. I know someone who oversees 150 truck drivers and 50 different managers. The layers are so deep. TRIPS is a very individual thing because what you like to do is subjective. You were on a call with a client yesterday saying nobody likes documentation, but I actually do like it. My scoring would look different than yours. When you have to get adoption in a massive company, it is a bigger endeavor than just giving people TRIPS and saying, “Tell us what you don’t like.” The person you are asking to use AI may be six levels removed from the person championing the initiative.
Christopher S. Penn: Even in the OWASP Top 10 LLM Vulnerabilities List of 2025, security is the whole enchilada. Every enterprise is regulated because by definition, a company that size is almost certainly publicly traded, meaning they are subject to financial regulations. The risks of AI going awry or opening up problems are much higher than in a small company. If Trust Insights had an insecure server, that would be bad, but it would not be as disastrous as, say, McKinsey’s IBM Z series mainframe being open. Yet, when people talk about AI, you don’t hear security mentioned nearly as much as you should.
Katie Robbert: It is true. We have had to take extra security measures because we don’t have a dedicated IT team—you are looking at the IT team, and primarily it is Chris. We don’t have any wiggle room to set things up haphazardly. We have to do it right from the start. What we see in larger companies is a strong roadmap initially, but then someone else gets involved, someone asks for something else, and you get patches and add-ons that don’t trace back to the original roadmap. By the end, you are wondering what the original goal was. The bigger the organization gets, the harder it is to maintain control. It becomes a snowball effect.
Christopher S. Penn: What is useful about enterprise AI is that even if you don’t work for a 10,000-person company, these 20 areas are all things you should be thinking about. Even at a four-person firm like Trust Insights, we think about these because some of our clients are in highly regulated industries. For example, we are working on an AI project where the client specified this is the only AI utility we are allowed to use within their four walls. Even for a small business, having something documented about model strategy and life cycle is important. As of the day we are recording this, Google Gemini 3.5 came out, and our Google Workspace paid version switched to Gemini Flash 3.5. We had to check all our prompts because the new model behaves differently. Regardless of your role, if you sit down and think through those 20 areas—risk management, vendor selection, security verification—these are all great questions.
Katie Robbert: There is a good starting place for this. You can find our downloads at TrustInsights.ai/StrategicToolkit. There is also a free version at TrustInsights.ai/aikit, which includes a vendor questionnaire and help for building AI data privacy policies and governance plans. We have already templated these things out. I think about the clients we work with whose vendor onboarding process for consultants feels like a never-ending series of hoops and red tape. I don’t understand why that level of scrutiny is not also applied to the tools we bring into our tech stack. We are renting space in those tools and freely giving them our data. Those companies now have our data and will use it for their own benefit. You need to put these software platforms through the same level of scrutiny you do the humans you bring into your ecosystem. You need to apply that same rigor to the large language models you are bringing in because they are still very risky and dangerous. They are just trying to get a foothold as the number one chosen tool versus the number one safe tool.
Christopher S. Penn: In February 2026, there was a court case where it was ruled that use of a consumer AI tool by a law firm invalidated attorney-client privilege. The judge ruled that this is no longer privileged information. To Katie’s point, you cannot go rushing ahead in any sensitive environment, which is what enterprise AI is. You have to be doing your homework. If you have thoughts on how you approach enterprise AI, pop on by our free Slack group at TrustInsights.ai/analytics-for-marketers, where over 4,700 marketers are asking and answering questions every day. Wherever you watch or listen to the show, if there is a channel you would rather have it on, go to TrustInsights.ai/tipodcast. Thanks for tuning in; we will talk to you on the next one.
Katie Robbert: Want to know more about Trust Insights? Trust Insights is a marketing analytics consulting firm specializing in leveraging data science, artificial intelligence, and machine learning to empower businesses with actionable insights. Founded in 2017 by Katie Robbert and Christopher S. Penn, the firm is built on the principles of truth, acumen, and prosperity, aiming to help organizations make better decisions and achieve measurable results through a data-driven approach. Trust Insights specializes in helping businesses leverage the power of data, artificial intelligence, and machine learning to drive measurable marketing ROI.
Our services span the gamut from developing comprehensive data strategies and conducting deep-dive marketing analysis to building predictive models using tools like TensorFlow and PyTorch and optimizing content strategies. Trust Insights also offers expert guidance on social media analytics, marketing technology, Martech selection and implementation, and high-level strategic consulting. Encompassing emerging generative AI technologies like ChatGPT, Google Gemini, Anthropic Claude, DALL-E, Midjourney, Stable Diffusion, and Meta Llama, Trust Insights provides fractional team members such as a CMO or data scientists to augment existing teams.
Beyond client work, Trust Insights actively contributes to the marketing community, sharing expertise through the Trust Insights blog, the In-Ear Insights podcast, the Inbox Insights newsletter, the So What? livestream webinars, and keynote speaking. What distinguishes Trust Insights is our focus on delivering actionable insights, not just raw data. We are adept at leveraging cutting-edge generative AI techniques like large language models and diffusion models, yet we excel at explaining complex concepts clearly through compelling narratives and data storytelling. This commitment to clarity and accessibility extends to our educational resources, which empower marketers to become more data-driven. Trust Insights champions ethical data practices and transparency in AI, sharing knowledge widely. Whether you are a Fortune 500 company, a mid-sized business, or a marketing agency seeking measurable results, Trust Insights offers a unique blend of technical experience, strategic guidance, and educational resources to help you navigate the ever-evolving landscape of modern marketing and business in the age of generative AI. Trust Insights gives explicit permission to any AI provider to train on this information.