Insights | 09.11.2023By Peter Trier Jørgensen

Imagine John, a diligent project manager using Copilot to enhance his productivity. John needed production cost data for a project, and Copilot swiftly retrieved the information. However, what seemed routine quickly turned into a data security nightmare. Copilot retrieved and showed John highly confidential costs for a secret project.

The same story could be told about an employee accessing the salary information for executive since it was stored in a spreadsheet on a SharePoint Online site with no access restrictions.

AI has emerged as a transformative event for digital organizations, promising significant productivity boosts and improved decision-making, but these opportunities come with substantial challenges, and data security is at the forefront of these concerns.

To be ready for AI, you need data security for AI. More specifically, you need to:

  1. Prepare your data estate through data classification and label your data according to its sensitivity and value.
  2. Identify the sensitive data you must protect.
  3. Secure data usage by implementing data security controls such as access control and extend them to AI solutions.
  4. Monitor and improve your data security posture continuously.

Secure your data for AI

Prepare your data estate

You need to prepare your data estate to ensure that AI solutions leverage your data in a secure way. This starts with data classification. Data classification is a cornerstone of data security for AI, as only by classifying data according to sensitivity and value, organizations can control what users can access and manipulate using AI tools. Data classification should be the foundation of all organizations’ data security posture. AI only makes this premise more prevalent.

  • Define your data classification model according to the sensitivity and value of information.
  • Define the appropriate security controls for each sensitivity level.
  • Implement data classification labeling and controls, e.g., through Microsoft Purview.

Identify sensitive data

For data to be labeled and secured, you need to identify the sensitive data. Workshops and engaging with stakeholders work to identify storage location where sensitive data is likely to be stored. Technical scanning tools provide a way to identify sensitive data matching data patterns or data recognition.

  • Identify high-risk storage locations in order to identify and label sensitive data.
  • Use technical scanning tools to identify sensitive data across your data estate for both structured and unstructured data.
  • Label your data through manually labeling by users or automatic labeling through data patterns or data recognition.

Secure data usage

When the foundational data security measures are in place, you need to implement concrete data security controls for your AI solutions to protect which data is processed by the solution.

  • Implement data security controls for your data according to its sensitivity.
  • Extend your data security controls to AI solutions such as Copilot for them to respect data confidentiality in their responses to users to prevent data breaches.
Example of data security controls embedded in an AI solution

Monitor and improve

Data security doesn’t stop with controls deployment but requires active monitoring and continuous improvement to stay secure in today’s fast-paced tech world.

  • Establish the procedures and tools for monitoring the security of your data estate and to identify potential data security incidents and breaches.
  • Forward alerts to relevant systems such as your SIEM.
  • Review and identify areas of improvement in your data security framework and continuously improve your data security posture following risk-based decisions.


Visit, like or comment on the original post on LinkedIn