“Anyone who has spent time in IT and security knows that employees have vastly over-provisioned and unnecessary access to sensitive resources. … Enter Copilot, which puts enterprise search on steroids and easily uncovers sensitive information that employees (and their organizations) didn’t realize they had access to.” A must-read from our CEO Jim Alkove.⬇️
It appears that Microsoft Copilot has a risky “oversharing problem.” As I’ve been saying for months, enterprise AI search agents like Microsoft’s Copilot can quickly become a nightmare for CIOs and CISOs.

Anyone who has spent time in IT and security knows that employees have vastly over-provisioned and unnecessary access to sensitive resources. Until now, lackluster enterprise search capabilities have made it difficult for employees to uncover much of the sensitive information they have access to, which has helped lessen the impacts. Enter Copilot, which puts enterprise search on steroids and easily uncovers sensitive information that employees (and their organizations) didn’t realize they had access to.

This is catching many organizations off guard. In fact, a recent Gartner survey indicated that 40% of IT managers have delayed Copilot deployments due to “oversharing and security concerns.”

And Microsoft’s answer to this? Instead of pushing organizations to address the root issue by moving to a more secure “least privilege” model for employee access and providing them with the tools to get there – Microsoft recommends organizations conduct limited Copilot deployment trials to see what information Copilot can uncover prior to broader rollout. What? This is a limited, point in time, duct tape approach to the problem that is wholly insufficient. And risky.

But, at the end of the day, this isn’t really Copilot’s fault. Copilot just shines an intense spotlight on the underlying issue of over-provisioned and unintended employee access. Hopefully Copilot’s oversharing issue will drive many security leaders to finally address the problem of vastly over-provisioned and unintended access. (After all, this is the same reason why identity related issues have become the top driver of security breaches in recent years.)

Organizations are understandably cautious in limiting employee access because they currently lack the tools and context to understand and manage access.
It may be surprising that most organizations can’t answer basic questions like:

- Who has access to what?
- Where did they get it?
- How are they actually using it? And,
- Should they even have it?

The challenge is that identity and access management teams are hobbled with a patchwork of legacy technologies and cumbersome manual processes to manage employee access. This approach simply isn’t equipped to deal with the sprawl of decentralized cloud and SaaS applications combined with the ever-growing mountain of sensitive and confidential information – and now, AI.

This is EXACTLY why we are building Oleria. We are reimagining identity security for the modern era and providing essential visibility, intelligence and action to these teams so they can finally answer these critical questions and protect their organizations' sensitive resources from threats – both internal and external.

We’re ready for the AI era! Come join us!

#AI #copilots #cyber #identitysecurity