Posted October 5, 2023 by Chris Glanden
Hi, Everyone. I’m Chris Glanden, Senior Security Architect at Sayers. Throughout the month of October, coinciding with Cybersecurity Awareness Month, I’ll be providing you brief video insights into security hot topics. In today’s episode, I’ll be discussing a cutting-edge tool you’ve likely already heard about, Microsoft Copilot.
What is Microsoft Copilot?
Microsoft Copilot is a generative AI assistant integrated into Microsoft’s productivity suite, including Word, Outlook, Teams, Excel, and PowerPoint.
Copilot’s mission? To automate tasks and create content, aiming to boost your productivity. Think of it as your trusty sidekick, ready to jump in and help you with a variety of tasks, thus making your work life easier.
It harnesses the power of LLMS, also known as Large Language Models, to turbocharge productivity, so tasks like drafting emails or crafting PowerPoint presentations are handled with ease. Although keep in mind, that substantial benefits may not be immediate.
The Future of Copilot
It’s currently in early testing with a limited number of customers and expected to be generally available on November 1st. Microsoft also has big plans in that they are aiming to expand Copilot’s reach across even more apps and even integrate it with third party tools.
However, with any new technology, there are concerns, especially with something that will be analyzing those files that you forgot about, didn’t know you had access to, or shouldn’t have access to. In fact, Gartner recently pointed out that although Copilot leverages Microsoft’s existing cloud security measures, these were not originally tailored for the introduction of new AI features.
They also urge leaders in security and risk management to establish verifiable safeguards for AI data protection, privacy, application security, and the management of extensive LLM input and output context. Even in regulated industries.
Its full readiness is still in question due to these risks, and so I encourage users and implementers to exercise caution regarding constant filtering, data protection, and potential prompt injection attacks.
The advancement seamlessly integrates ChatGPT style technology into the everyday workflows of employees, embedding it within the commonly used tools that facilitate communication with both coworkers and clients.
Implications and Considerations
It’s critical not to underestimate the possible data related threats that come with this tool. Bear in mind that even though it’s an extremely advanced technology, it’s still prone to producing errors, otherwise known as hallucinations, and when combined with human factors, it can create a situation where organizations may find themselves facing significant data privacy challenges.
To sum things up, if your business is interested in using Copilot, perform your own due diligence and consider conducting proof of concepts. Don’t forget to educate your team about its capabilities and limitations. Structure the rollout in a methodical way that makes sense to the business to ensure your proper value attainment.
Gartner speaks to this as well by recommending organizations use contract and license agreements, assess and revise document permission controls, use third party products to filter Copilot’s inputs and outputs, enforce data governance practices, and work with your legal and compliance departments to address concerns about LLM transparency.
Contact us, if you would like to learn more about Microsoft Copilot or see how Sayers can help your organization.