Two recent developments are acerating the conversation around Copilot: 1) Its integration options into Microsoft 365 for Business Premium or Enterprise subscribers and 2) That Microsoft’s recently-announced Copilot+ PCs based on ARM processors began shipping to consumers this past month.

Further Copilot integration within the Microsoft ecosystem will lead to more widespread adoption. Like many new technologies, consumers who use Copilot on their personal devices will expect a similar level of functionality on their corporate machines.  This recent Copilot traction is causing some organizations to reconsider— or in some cases—even block Copilot usage.  

Problems caused by inaccurate data classification

When it comes to Copilot and data security, data classification accuracy is key. Copilot uses Microsoft Purview Information Protection (MPIP) tagging to secure data use in Copilot. MPIP tagging can have some serious issues if data isn’t tagged or if it is tagged incorrectly.

Copilot data security issues that could occur with MPIP tagging:

• Manual and sometimes inconsistent processes can lead to inaccurate data classification: The implementation of safeguards on Copilot hinges on the precise application of sensitivity labels that secure data. Data remains at risk when mislabeling occurs or if data classification lacks consistency. The manual process of tagging files and data with sensitivity labels is prone to mistakes, and Microsoft’s labeling technology doesn’t extend to all file types.
   
• Copilot-generated content is handled differently: Documents created by Copilot in response to user requests do not automatically apply sensitivity labels from their source materials. Consequently, newly created documents containing sensitive information might inadvertently be accessible to unauthorized parties if they had been incorrectly classified.
   
• The risk of sensitive data exposure: If sensitive data is incorrectly classified as non-sensitive, it might not receive the necessary protections through Microsoft Copilot, such as encryption or access restrictions. This could potentially expose the sensitive data to unauthorized users or systems.

Forcepoint DSPM uses AI to ensure data classification accuracy

This is where Forcepoint Data Security Posture Management (DSPM) steps in. Forcepoint provides highly accurate AI-powered data classification, by using AI Mesh technology. This networked AI architecture leverages a GenAI Small Language Model (SLM) along with advanced data and AI components to efficiently capture context from unstructured text.

It’s customizable and also efficient—which ensures rapid, accurate classification without requiring extensive training. Unlike other competitive classification tools that use AI, the AI Mesh within Forcepoint DSPM is explainable, making it one of the strongest trustworthy AI solutions for data classification on the market today.

Forcepoint DSPM can review Microsoft Purview Information Protection classifications and either apply them to documents that have not been classified with high accuracy or correct these classifications using AI Mesh technology.

Unlock the full potential of Microsoft Copilot with Forcepoint DSPM

Are you ready to unlock the full potential of Microsoft Copilot with a secure and responsible approach? Contact us to learn more about how we can secure data in Copilot and learn how Forcepoint DSPM and its AI Mesh technology will help unlock the true potential that Copilot brings to your organization.

Also, stay tuned for a future blog post that will dive deeper into the workings of AI Mesh technology.

Kevin Oliveira