ARTIFICIAL INTELLIGENCE IT AND SECURITY SOFTWARE ADVICE AND BEST PRACTICES

Secure your data first before exploring AI

BY PROFESSIONAL ADVANTAGE - 14 May 2024 - 6 MINS READ

Data has moved beyond the traditional borders of business, with organisations adopting multiple cloud infrastructures, platforms, and services to run their operations. With data growing everywhere, artificial intelligence (AI) is both a significant help in identifying the useful data that can help us with our work and also a risk: without proper security controls and data governance, adopting AI has the potential to surface sensitive and confidential data you may not even realise existed.

If you are like many of our clients exploring AI today, we will give you the same advice we gave them: before running along the AI bandwagon, you must secure your data first.

Securing data is trickier now than ever.

Twenty years ago, everything sat on a file share, and an organisation could easily block any external access to that content. Today, your data sits in emails, chat messages, shared storage, cloud apps, various devices, and more, making it easy for us to share and collaborate. However, this cross-team collaboration with remote working or sharing of sensitive information with partners and suppliers also makes it harder to govern and secure data and monitor where sensitive data may end up.

As a result, data security incidents happen and can happen anytime, anywhere, if the right controls are not in place.

Most organisations lack visibility of how their documents could be at risk of misuse, nor can they track where these documents go after they have been shared. In some organisations, employees can copy documents to a USB or potentially upload them to their personal cloud storage like Dropbox or Google Drive, meaning organisational visibility and control of sensitive information or IP is lost. Even with sound work practices, files shared with colleagues, clients, or suppliers can get exfiltrated or sent elsewhere by a negligent user, either intentionally or accidentally.

We see this scenario in the movies too often, where a confidential document gets maliciously leaked to the press by an external party to disrupt the market or destroy an organisation’s reputation. But the reality is that this also happens in the real world. Thankfully, in the real world, organisations can set up policies that label documents as ‘sensitive’ or ‘confidential’, and no matter where the files go, the documents are protected and cannot be accessed by external users as access is constrained to a specific group or a specific individual only.

Data protection is crucial for your AI readiness.

And it starts with having the ability to protect sensitive data wherever it goes throughout its lifecycle. It doesn’t matter whether the document is in the starting point or endpoint. What’s important is to be able to identify the risks and prevent your data from unauthorised use across different apps, services, and devices.

Fortifying data security can now be easily achieved with Microsoft Purview, a comprehensive set of solutions that help your organisation govern, protect, and manage data no matter where it lives. It has an integrated approach to information protection, insider risk management and data loss prevention (DLP) that helps you:

  • Discover and auto-classify data and prevent unauthorised use across apps, services, and devices, which can also be applied to data in file shares.
  • Understand the user intent and context around sensitive data to identify the most critical risks and apply policies based on roles.
  • Enable Adaptive Protection to assign appropriate DLP policies to high-risk users.

Support for multi-cloud, hybrid, SaaS data | Partner ecosystem

How do you get started with comprehensive data security?

There are three ways Microsoft Purview can help you get started.

  1. Run Analytics to gain visibility into risks associated with sensitive data being used, accessed, and shared. This will provide you with the necessary information about user and exfiltration activity, along with policy recommendations.
  2. Enable default policies for Teams and Devices in audit mode to understand the impact before enforcing controls.
  3. Adapt the policy by dynamically enforcing DLP controls through automation to balance productivity and protection through its rich flexibility, data-centric, and contextual risk analysis.

Microsoft Purview provides robust controls that ensure sensitivity labels are applied where needed.

Sensitivity labels span your entire data estate; they represent your information taxonomy and describe the priority assigned to your categories of sensitive information. You can use terms such as public, general, confidential, or restricted to set up information protection on your files. These labels will then follow the document and map to the policy on what can happen with that document.

You can apply content labels manually by users or automatically based on classification to Office apps, Power BI reports, and Azure Data using encryption and visual markings for protection. Container labels can be applied manually by site/Team or group owners to SharePoint sites, Teams channels, and Microsoft 365 groups using access control, privacy settings, and conditional access.

Microsoft Purview elevates your policy and augments your investigation with rich signals, helping you to:

  1. Know the context by leveraging classification and labelling of sensitive data from Information Protection.
  2. Understand the intent by automatically applying risk insights from Insider Risk Management to DLP policies.
  3. Integrate alert investigation by integrating DLP alerts with Microsoft 365 Defender and Sentinel for a richer investigation experience.
  4. Leverage machine learning to identify the most critical insider risks among noisy signals – from correlating data signals and detecting sequences to detecting anomalies.

AI adoption demands secure and well-governed data

Have you ever saved a file somewhere because you think you might use it in the future, but five or ten years later, it’s still there sitting in folders or sites that you never opened again? Gartner calls it dark data. From a compliance regulation point of view, dark data already poses security risks. AI will increase those risks because it can look at every corner of your Microsoft Cloud tenant and every bit of your business data, thereby surfacing data you should have disposed of previously.  

AI is fast becoming a critical part of every business in solving real-world problems and driving business outcomes. However, it is only as good as the quality of your data security and governance.

At Professional Advantage, we offer end-to-end services that help our clients secure their data to adopt AI successfully – from use case development, best-fit AI solution planning, infrastructure readiness, and responsible AI planning to solution deployment and support.

Learn how to organise and secure your data before adopting AI by signing up for our upcoming webinar on the 1st August 2024. Register here to reserve your spot.

Implementing AI? Organise and secure your data first. Register now.

Write a Comment


Talk to us

If you would like to learn more, complete the form below and one of our team will be in contact.

Your information will never be shared or sold to a 3rd party,
please read our privacy policy.