Skip to main content

Overview

Enterprises have vast knowledge bases—internal documentation, research, reports, and proprietary data. Raily helps you make this content AI-ready while maintaining security and compliance.

Secure Access

Control which AI tools can access sensitive content

Audit Trail

Complete logging for compliance requirements

Department Control

Different policies for different teams

Internal AI Apps

Power your internal AI tools safely

The Challenge

Enterprises want to leverage AI for productivity, but face significant hurdles:
  • Security concerns: Sensitive data could leak through AI systems
  • Compliance requirements: GDPR, HIPAA, SOC 2 require audit trails
  • Department silos: Different teams have different access needs
  • Shadow AI: Employees using unauthorized AI tools

The Raily Solution

1. Secure Your Knowledge Base

Register internal content with appropriate classifications: 
// Register internal documentation
await raily.content.create({
  externalId: "internal-doc-456",
  title: "Q4 Financial Report",
  type: "report",
  source: "sharepoint://documents/finance/q4-report",
  metadata: {
    classification: "confidential",
    department: "finance",
    owner: "cfo@company.com",
    retentionDate: "2027-01-01"
  }
});

2. Create Department-Based Policies

const hrPolicy = await raily.policies.create({
  name: "HR Confidential",
  rules: [
    {
      action: "allow",
      conditions: {
        requesterType: "internal_app",
        requesterTags: ["hr_access"],
        "content.metadata.department": "hr"
      },
      permissions: ["full_access"]
    },
    {
      action: "deny",
      conditions: { default: true },
      message: "HR documents require HR system access"
    }
  ]
});

3. Build Compliant AI Applications

Create internal AI tools that respect access controls: 
// Internal chatbot that respects Raily policies
async function askInternalAI(question, userId, department) {
  // Get relevant documents based on user's department
  const relevantDocs = await searchKnowledgeBase(question);

  // Check access for each document through Raily
  const authorizedDocs = [];
  for (const doc of relevantDocs) {
    const access = await raily.access.check({
      contentId: doc.railyId,
      requesterId: `internal_${department}_app`,
      context: {
        purpose: "inference",
        userId: userId,
        department: department
      }
    });

    if (access.allowed) {
      const content = await fetch(access.contentUrl);
      authorizedDocs.push(await content.text());
    }
  }

  // Use only authorized content
  const response = await openai.chat.completions.create({
    model: "gpt-4",
    messages: [
      {
        role: "system",
        content: `Answer based only on this context:\n${authorizedDocs.join('\n\n')}`
      },
      { role: "user", content: question }
    ]
  });

  return response.choices[0].message.content;
}

Real-World Examples

Financial Services Firm

Challenge: A financial services firm wanted to create an AI assistant for advisors while ensuring client data stayed protected. Solution:
  • Registered all client documents with strict policies
  • Created role-based access (advisor, compliance, executive)
  • Implemented comprehensive audit logging
  • Built internal AI assistant with Raily integration
Results:
  • Advisors 40% more efficient with AI-powered research
  • Zero data leakage incidents
  • Complete audit trail for compliance
  • Passed SOC 2 audit with flying colors

Healthcare Organization

Challenge: A healthcare organization needed to make research documents accessible to AI tools while maintaining HIPAA compliance. Solution:
  • De-identified research data before registration
  • Created separate policies for clinical vs. administrative
  • Implemented strict access logging
  • Set up alerts for unusual access patterns
Results:
  • Researchers can use AI tools safely
  • HIPAA compliance maintained
  • Audit-ready access logs
  • 60% reduction in manual research time

Compliance Features

Complete Audit Trail

Every access request is logged with full context: 
const logs = await raily.access.logs({
  contentId: "cnt_sensitive_doc",
  period: "30d"
});

logs.forEach(log => {
  console.log(`${log.timestamp}: ${log.requesterId}`);
  console.log(`  Action: ${log.action} (${log.allowed ? 'ALLOWED' : 'DENIED'})`);
  console.log(`  Context: ${JSON.stringify(log.context)}`);
  console.log(`  Policy: ${log.policyId}, Rule: ${log.matchedRule}`);
});

Data Residency

Configure where your data is processed: 
await raily.settings.update({
  dataResidency: "eu",  // or "us", "apac"
  encryptionKey: "your-kms-key-arn"  // BYOK support
});

Integration with Identity Providers

Connect with your existing SSO: 
// Okta integration example
const railyRequesterId = await mapOktaUserToRaily(oktaUserId);

const access = await raily.access.check({
  contentId: docId,
  requesterId: railyRequesterId,
  context: {
    authProvider: "okta",
    groups: oktaUser.groups,
    mfaVerified: true
  }
});

Implementation Guide

1

Inventory Content

Catalog your internal knowledge bases and classify by sensitivity.
2

Map Access Requirements

Document who needs access to what, and under what conditions.
3

Create Policies

Build policies that reflect your access requirements.
4

Integrate Identity

Connect Raily with your identity provider.
5

Build AI Apps

Create internal AI tools that use Raily for access control.
6

Monitor & Audit

Set up monitoring, alerts, and regular access reviews.

Sample Policy: Enterprise Knowledge

// Complete enterprise knowledge base setup
const setupEnterpriseKB = async () => {
  // Public knowledge (company wiki, public docs)
  const publicPolicy = await raily.policies.create({
    name: "Public Knowledge",
    rules: [{
      action: "allow",
      conditions: {
        requesterType: "internal_app",
        "content.metadata.classification": "public"
      },
      permissions: ["full_access"]
    }]
  });

  // Internal only (employee handbook, processes)
  const internalPolicy = await raily.policies.create({
    name: "Internal Only",
    rules: [{
      action: "allow",
      conditions: {
        requesterType: "internal_app",
        "content.metadata.classification": "internal"
      },
      permissions: ["full_access"],
      rateLimit: { requests: 500, period: "hour" }
    }]
  });

  // Confidential (client data, financials)
  const confidentialPolicy = await raily.policies.create({
    name: "Confidential",
    rules: [
      {
        action: "allow",
        priority: 1,
        conditions: {
          requesterType: "internal_app",
          "context.department": { in: ["${content.metadata.ownerDept}"] },
          "context.mfaVerified": true
        },
        permissions: ["full_access"]
      },
      {
        action: "deny",
        priority: 99,
        conditions: { default: true }
      }
    ]
  });

  // Set up alerts for sensitive access
  await raily.alerts.create({
    name: "Confidential Access Alert",
    condition: {
      event: "access.granted",
      filter: { "content.metadata.classification": "confidential" }
    },
    actions: [
      { type: "webhook", url: "https://siem.company.com/alerts" }
    ]
  });

  return { publicPolicy, internalPolicy, confidentialPolicy };
};

Next Steps

Security Best Practices

Learn about policy configuration

SSO Integration

Connect your identity provider

Compliance

Set up audit logging

Contact Sales

Discuss enterprise deployment