
Microsoft Copilot, AI and YOU

Chris Brenes

A Note From Entech’s Chief Information Security Officer, Chris Brenes

Many people get excited to share a room with someone famous like an actor, singer or celebrity chef. Last week the stars aligned and I was thrilled to be part of a very select group of peers meeting with a Microsoft security architect.


Yes, I am a geek. 😏

The fact is, these security architects aren’t widely available to the general public – especially not available to have their brains picked about the inner details of the product suite Microsoft offers to us now. 

I don’t often get the opportunity to share updates via our newsletter, so when it presented itself I kicked around ideas of what to share. There are so many things, all the things, but limited space. 

I considered some productivity and collaboration ideas, not widely known but valuable nonetheless, like Forms, Task and To Do available in Office 365. I also considered powerful security options, like DLP and Conditional Access, also available in Office 365.

Ultimately, there’s one topic so hot today that I kept coming back to it. It’s also one that consumed a lot of our attention when meeting with that Microsoft architect: artificial intelligence in general and Microsoft Copilot to be specific. What about Copilot has me as a CISO very concerned? 

As David shared a couple of months ago, Copilot is an amazing service that can increase the productivity of your team. Need to draft something up, but not sure where to start? Use it to brainstorm and create a starting point. 

What sets Copilot apart from other AI like ChatGPT is the access it has to your O365 tenant. As an example, suppose you were just added to an email thread that has been going on for quite some time. It’d take quite some time to read through the various emails in the thread, and ultimately you might still not be quite sure you understand the current state of the discussion. 

Just ask Copilot to summarize it for you. In no time, a detailed yet concise summary appears for you. Were you out on vacation and missed the last few meetings? Ask Copilot to get you up to speed, and you can quickly understand who said what and where things stand.

The real kicker though is that it can pull together information from across the suite of tools available in O365 and use that information to provide a more comprehensive response than other tools. 

Suppose you need to create a sales presentation. Copilot can source from emails, SharePoint, documents and so on to make sure all the fine details are included in its response.

All very amazing, and all similar to what we have shared in the past, but here is where I’ll take us in a different direction.

Copilot and Security 

What do you suppose a room full of CISOs is thinking about when such a powerful tool has access to all the data that your O365 suite has to offer?

Spoiler: the potential risk regarding data security and accidental exposure.

That’s the stuff of CISO nightmares. 😱

The good news is that our guest had the answers to allay most of our data security risk concerns. He explained how the architecture worked, and how data flows through the ecosystem. 

Still, he answered most of our questions, but not all. 

The short version is that Copilot observes your existing data controls, including DLP. This means that if poor design lets someone reach data on your network that they shouldn’t have access to, Copilot is going to find that data and potentially present it to them, even if they are unlikely to have ever stumbled into it on their own.

How to Use Copilot Securely

What should you do then, if you really want to leverage Copilot and enjoy the efficiencies it can bring your team? 

First, review your access controls – especially for your most sensitive data. Make sure the wrong people can’t get to that data. Just because they haven’t viewed it yet doesn’t mean they can’t; it could be pure chance.

Second, start using Copilot with a small group of your most trusted circle. Make sure it’s working as expected, and that the data being presented to the group isn’t something they shouldn’t be able to access. Have them try to find things they shouldn’t be able to find, and when they do, ensure access controls are adjusted so they no longer can. Copilot will observe changes to these access controls, so even if someone could view data before, they will no longer be able to once the changes are put in place.

AI is a powerful tool. Microsoft Copilot in particular has the potential to create a major change in how things get done inside your business. And for those who worry about AI taking over human jobs, it’s more likely that humans using AI will replace humans who don’t use AI.

The future is now. Are you ready?


