Organizations are recognizing and adopting GenAI at speed, but does it pose a security risk to your organization? Services like Microsoft Copilot for 365 have made GenAI real, tangible and have demonstrated GenAI’s ability to transform businesses and work for the better. There are some key considerations and dependencies when adopting GenAI, of course.
Data availability and management are critical considerations – even when much of the data that will enable GenAI capabilities is available on the cloud (as is the case with Copilot). Cultural change, process change, and user training are vital to getting the full value from GenAI and ensuring a smooth and widespread adoption.
GenAI offers tremendous opportunities, but without the right cybersecurity posture, it could present enormous risks. You need to be ready now.
It’s likely (I hope) that you have considered both, but there is one other area you need to consider when it comes to GenAI – the impact on your cybersecurity posture. Let’s explore three reasons why.
Reason #1: It affects data governance.
GenAI adoption requires a review of your data governance – who can have access to the data, when, and for what purpose? What data can employees give GenAI access to or do you want that managed centrally? How do you expect to label the output from GenAI?
For example, should a financial report have the same level of restrictions on sharing as a PowerPoint created by Copilot about your organization’s latest wellbeing initiative? The answers to these questions are necessary to ensure your governance reflects the new ways you and your employees will be using data. And that has ramifications for your security posture. Policies without ways to enforce them are meaningless, meaning cybersecurity will need to be reviewed alongside any governance change.
Reason #2: It could change your risk profile.
According to a study published in Forbes, almost half of senior management aren’t confident their risk management processes are good enough for the adoption of AI. Governance is one thing, but GenAI is also dependent on HOW people use it, and governance can only go so far. GenAI offers tremendous opportunities, but without the right cybersecurity posture, it could present enormous risks. AI-enabled attacks are becoming standard and greater use of GenAI will undoubtedly open up new threats from within and outside your organization. You need to be ready now.
Reason #3: You’ll be working with data in very different ways.
Data held in Microsoft Cloud is protected by Microsoft security solutions, detection and response, and advanced Security Operations Centers. You need to know and understand these, but data on these platforms is well secured. However, when you’re running your own applications in cloud, migrating data across hybrid or multi-cloud environments, things are different – the security of your data becomes your responsibility (or that of your service provider, depending on your set-up and agreements).
You need a cybersecurity strategy that won’t get in the way of data sharing (and thus in the way of GenAI operations and effectiveness). It must ensure that data is protected when residing in the cloud, in transit, and anywhere else it may be. This can be as complex as it sounds, and many enterprises have hundreds, if not thousands, of security tools in play to ensure their security posture. They all must now adapt to GenAI to deliver less friction, zero latency and potentially support much more movement of data. Although adopting Copilot helps mitigate some of these concerns initially, if you want GenAI to access your data held on-premises, on devices or on other platforms, you need to start addressing this now.
The best approach to securing GenAI? Be secure before you start.
If you’re looking at your GenAI strategy, make sure cybersecurity is part of your plan. Building in security from day zero minimizes the risk and cost of any remediation or course correction at a later date. Adopting ‘ready-to-go’ cloud-based GenAI services like Microsoft Copilot for Microsoft 365 helps you adopt GenAI securely, as it automatically inherits your organization’s security, compliance and privacy policies from Microsoft 365. This can create a good basis for adopting GenAI while reducing the risk.
It’s equally important to consider how your security policies need to change over time, and the wider impact on your secure infrastructure to build and evolve your security posture as your adoption of GenAI evolves and scales out.
Microsoft and Atos: Helping you evolve to adopt secure GenAI.
Both organizations have solid, well-earned reputations for cybersecurity expertise. Microsoft invests more than US$1 billion annually on cybersecurity R&D and has over 90 compliance offerings. Atos has decades of expertise in delivering secure infrastructure, and working with Microsoft security applications, including developing tools and solutions on Microsoft Sentinel. In addition, our consultants and engineers have deep knowledge of governance frameworks, providing the support you need for a security posture ready for GenAI.
To learn more about how Microsoft and Atos are helping businesses get ready for and adopt GenAI
read our Buyer’s Guide to Copilot 365.
Learn more about GenAI for Hybrid Cloud
Dharmindar Chahal
Global Microsoft Alliance Director
