Bringing Microsoft Purview and Copilot Together to Protect Sensitive Data
Over the past 5 months, this blog series has covered the fundamentals of Microsoft Purview. As we have shown, Purview provides a powerful layer of data-aware visibility and protection that complements more traditional security controls like identity management, access control lists, group memberships, endpoint security, and management tools. Those traditional tools are certainly critical, and Purview provides even more layers of data protection.
It is clear that having Purview data governance policies can help protect data as it is used today, but how about in the future? In particular, how does Purview fit into the picture when it comes to the way that data is used by large language model (LLM) and generative AI tools? The Microsoft 365 Copilot offerings are the first that come to mind, but there may also be other LLM tools that will use data from your tenant as source material.
As these new tools gain traction, many organizations that have kicked the data governance can down the road may be in for a rude awakening if they assume that their data will remain secure without a governance plan and controls in place. By design, AI tools like Copilot that are trained on your tenant data and will produce results based on all the data that the user has access to in order to answer questions or perform tasks. This magnifies the real risk—that misclassified or otherwise ungoverned sensitive data will be inadvertently exposed as people use AI tools. My colleague Chris Stegh aptly calls this, “People seeing the unseeable.” (Can Copilot Command the Coin? – eGroup | Enabling Technologies (eGroup-us.com))
Access Control and Governance
Access control and governance become even more critical as Copilot or other AI tools become commonly used and the demand for them increases. The Purview features we have discussed so far can address the risk outlined above.
Microsoft Cloud Features
There are a few other complementary Microsoft cloud features that bear mentioning when creating an overall data governance plan:
Increasingly, compliance functionality like that offered by Purview is becoming an additional required security control. Data-aware governance and protection is no longer just for regulated industries or small groups in a larger organization. You likely already have many (or all) of the tools discussed above at your disposal, and I would encourage you to explore them and see how they can be applied to your data so that the organization can get the most value out of their Microsoft investments now and in the future.
Interested in learning how you can leverage of Purview and Copilot in a way that is safe and compliant?
Contact our team of experts to get started today on your road to data governance and AI!