{"id":49789,"date":"2024-01-19T07:11:18","date_gmt":"2024-01-19T12:11:18","guid":{"rendered":"https:\/\/centricconsulting.com\/?p=49789"},"modified":"2024-03-08T09:17:06","modified_gmt":"2024-03-08T14:17:06","slug":"get-ready-for-your-microsoft-copilot-rollout-part-2-data-security","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/get-ready-for-your-microsoft-copilot-rollout-part-2-data-security\/","title":{"rendered":"Get Ready for Your Microsoft Copilot Rollout, Part 2: Data Hygiene and Security"},"content":{"rendered":"
If you\u2019re an IT professional, you may have breathed a sigh of relief when you learned that Microsoft Copilot would replicate the permissions already in place for your Microsoft apps. Not only that, but Microsoft has also assured us that:<\/p>\n
Given those safeguards, you might think that Microsoft has done the heavy lifting for you when it comes to data governance and data security. But here\u2019s the kicker: AI is a whole new world. It requires you to pay even more attention \u2014 not less \u2014 to good data governance practices and data security.<\/strong><\/p>\n In the first blog in our Get Ready for Copilot series<\/a>, we covered the essential steps to take when selecting the copilots that match your business strategy, identifying employees who will benefit the most from the tool, and thinking about both upfront and long-term costs. Once you\u2019ve taken those steps, you must start thinking about your technical readiness to optimize your data for Copilot and keep it safe.<\/p>\n While most people think of bad actors when they hear the words \u201cdata security<\/a>,\u201d Microsoft Copilot introduces the possibility that your data could be exposed by well-meaning employees who are just doing their jobs as they always have. For example, imagine that an HR representative has stored salary reviews for the last year in a public human resources Microsoft Teams channel<\/a>.<\/p>\n After the HR rep leaves the firm, a new hire joins the public Teams channel. Curious about their earning potential at the company, the new hire asks Copilot, \u201cWhat should I expect for a salary raise my first year?\u201d To prepare its response, Copilot accesses the public Teams channel and draws on data from the unsecured salary reviews.<\/p>\n The awesome thing about Microsoft 365<\/a> (M365) is that many tools to prevent such errors are already built in. A review of your Microsoft Teams privacy settings<\/a> would have saved the day in our HR Teams example. 
Other M365 apps (SharePoint, OneDrive, and so on) have guest privilege features that are easy to toggle on or off.<\/p>\n The bad news is that many of these tools did not exist in our historical, on-premises environments.<\/strong> Employees need to know that they are available and how to use them. Unless your organization has been forward-thinking in implementing the tools, the learning and adoption curve can be steep.<\/p>\n To address security and compliance at a deeper level, you must also review your policies that govern issues like conditional access, the use of sensitivity labels on data<\/a>, data loss prevention, and data retention. Once you have taken these steps, you\u2019ll be better prepared to address enemy number one: data ROT.<\/p>\n ROT stands for redundant, obsolete and trivial data. If you have an abundance of data ROT, you are at risk of not getting the best from Microsoft Copilot and opening your data to breaches, whether at the hands of bad actors or your dedicated employees.<\/strong><\/p>\n As an example of two aspects of ROT, redundant and outdated, in my attic I once had three copies of the book \u201cNetworking for Dummies.\u201d The book dates from 1999 and is 300 pages long. My son is getting interested in computing and networking, and one day, he had a question about wiring and plugs. I remembered I had those books in the attic, so I tromped upstairs and rummaged through memory lane until I found the books. I grabbed them and came down the stairs, proud of my decision to store the books away \u201cjust in case.\u201d<\/p>\n Meanwhile, my son had already found the wiring scheme on the internet and was fast at work. My multiple copies of the same heavy book were redundant and also outdated, both in content and format. 
Needless to say, I don\u2019t have those books anymore.<\/p>\n ROT waters down search and generative AI responses.<\/strong> For example, suppose you have your current Excel price sheet, but you have also stored price sheets from the last 20 years. Someone accidentally modifies an old version of the price sheet, making it the \u201cmost recent\u201d file.<\/p>\n Now, when you ask Copilot for the price changes for a product over the last three years, it does not know which content is the most authoritative, and it could generate responses with the wrong data points. Without enforced data governance<\/a> around such unstructured files, the chances of such errors and AI \u201challucinations\u201d rise. As a result, users will lose trust in the tools.<\/p>\nThe Data Security and Data Policy Compliance Review<\/h2>\n
Root Out Data ROT with a Data Hygiene Technical Checklist<\/h2>\n
\n
Microsoft Purview: Your ROT-fighting Tool<\/h2>\n