One Vital Step to Get Right Before Deploying Copilot

• Microsoft 365 Copilot transforms workflows, but it also risks exposing sensitive data if not carefully managed.
• Controlling Copilot’s access to your data starts with strong data governance.
• Symantec DLP integrates with Office 365 to enforce consistent policies across all data channels, securing existing and newly generated content.

Organizations are transforming the way they work with artificial intelligence tools like Microsoft 365 Copilot. They’re finding, interpreting and working with data in new ways with efficiency more optimized than ever. From summarizing reports and presentations to creating new analysis or designing PowerPoint slides, the potential of this technology is undeniably exciting.  

However, this same technology can also disrupt the systems and internal controls carefully designed to keep your data safe. Many organizations follow a least privilege access model variant to ensure that users can only access the data and systems they need. But what happens when Copilot has access to everything? What precautions do you need to keep restricted data truly restricted?

The one step: Data governance

The answer is straightforward—don’t let Copilot access your restricted data. How do you control that? Through the right data governance—the process for deciding what is sensitive data and how to protect it. Microsoft itself advises that the very first thing a customer should do when implementing Copilot is to focus on data governance.  

However, in practice, this is not always straightforward, especially when you consider that every piece of data in Office 365 needs to be:

• Discovered
• Inspected for sensitive content
• Classified (with the knowledge that Copilot will only ignore certain classification levels)
• Protected via Label

If that wasn’t hard enough, the process must be consistent—not just for today’s data, but also legacy data (that may not yet be classified) and any future data you store in Office 365. Existing classification categories may not always align with the guardrails around what Copilot will ingest (or leave alone), resulting in more work as you check and update these. If users are allowed to classify data, inconsistencies in your system are inevitable. After all, to err is human.

Simplify that step with Symantec DLP

Many may assume that DLP systems are difficult to use, but compared to the alternative, they actually simplify how you secure data. Symantec DLP offers many advantages to those who are adopting Copilot, including:

• Full integration with Microsoft Office 365 using Microsoft’s API, without the need for an agent (not all DLP systems can say this).
• File content inspection to identify sensitive data, including discovery of unlabeled content or previously classified files that now appear to contain potentially sensitive data.
• Automatic correction of data misclassified as lower than needed, applying a higher classification state via DLP policy responses.
• File labelling with Microsoft Purview Information Protection, ensuring these labels are fully recognised by Copilot.

Unify data governance

In addition, Symantec DLP can quickly apply any existing DLP policies to Office 365. This ensures your DLP policies will be consistent across all your channels protected by DLP (endpoint, other SaaS/IaaS applications, storage, web, email). Full MPIP integration makes the most out of your existing investment.

Looking ahead, your Copilot data governance program will expect you to evaluate any new data you add to Office 365 before it is ingested by Copilot. In addition, any content that Copilot generates will also need to be protected. Symantec DLP can ensure new content (whether generated by Copilot or not) is inspected, categorised and labeled, allowing you to fully protect it—wherever it goes.

See us live in person at RSAC