An Introduction to Data Security Posture Management for AI


Microsoft Features: Microsoft Purview DSPM for AI


AI and Data Security Concerns

Since the onset of widespread adoption of AI throughout countless organizations and industries, experts have been warning of oversharing and other data security risks that can result in significant damage to organizations. 

For example, let’s consider a confidential SharePoint site that still exists for a project that was concluded a year ago. The employees who were involved in this project still have access to the site and all of the confidential documents stored within it. Imagine that Copilot is deployed organization-wide. Now when an employee who was involved in the project submits prompts to Copilot, it is possible that Copilot will return information referencing the confidential project documents. If this employee uses Copilot to generate content (e.g., a presentation), it is also possible that confidential information is duplicated and distributed through the created content. To make matters even worse, in the case of a threat actor gaining access to this employee’s ID, confidential project information would be at their fingertips in seconds.

In the above example, implementing solutions such as Microsoft Purview Information Protection, Microsoft Purview Data Loss Prevention, and Microsoft Purview Records Management can certainly help reduce data security concerns by protecting documents with labels, blocking unapproved information flows, and deleting information when it is no longer needed.

Even with these controls in place, it is crucial that administrators have a consolidated and comprehensive way to understand their security posture and vulnerabilities, govern relevant data security initiatives, and secure AI activity so that they can deploy AI solutions confidently.

What is DSPM for AI?

Data Security Posture Management (DSPM) for AI is a solution in Microsoft Purview that allows administrators to understand the usage of AI within their organization, evaluate oversharing risks, and protect sensitive data. It provides a unified view of all “AI-related” policies created across Purview, summarizes your users’ AI activity, provides recommendations to improve data security, and generates weekly oversharing data assessments.

Key Features of DSPM for AI

As mentioned above, DSPM for AI allows administrators to understand AI usage, evaluate oversharing, and protect sensitive data. This is supported with the following key features:

  • Recommendations: review and track implementation progress on automatically generated recommendations for improving your organization’s data security posture, dynamically created based on the current state of your tenant.
  • Reports: review and understand your organization’s AI usage, including sensitive interactions that may be posing data security risks to your organization.
  • Policies: deploy one-click policies and view all custom AI-related policies configured in Purview.
  • Activity Explorer: with an experience very similar to the classic Purview Activity Explorer, DSPM for AI provides an explorer pre-filtered for AI-specific events such as AI interaction and AI website visit.
  • Data Assessments *: DSPM for AI automatically generates a weekly oversharing report of your organization’s top 100 SharePoint sites, including recommended remediation actions. Administrators can also create custom data assessments to include specific users and SharePoint Online sites for oversharing evaluation depending on organizational needs.

* Please note that the Data Assessments feature is in Public Preview at the time of writing.

Why Use DSPM for AI?

DSPM for AI provides admins with many useful insights and remediation activities to govern data security throughout AI adoption. Some (but certainly not all) of the reasons organizations choose to leverage DSPM for AI include:

  • Connects data collected across all in-use Purview solutions, offering a unified view of your tenant’s data security posture and controls.
  • Supports monitoring and protecting data in AI interactions with almost 400 third-party AI sites (and this number is constantly growing!).
  • Defines one-click policies to collect deeper insights into potential data security risks associated with AI usage.
  • Supports admins in evaluating and remediating oversharing in SharePoint Online.

Closing Thoughts

The widespread adoption of AI solutions has highlighted the need for organizations to prioritize implementing good data security and governance strategies. Over the past few years, Microsoft has been steadily releasing many useful features to support a secure Copilot adoption. With the recent release of DSPM for AI, administrators now have a consolidated view of relevant AI-related data security and governance policies and insights. In my upcoming blog series, I will be diving deeper into the key DSPM for AI features. Stay tuned!
