I’m not just talking about the employer. I know of only a few companies that have their documents ranked in order across all systems. This means that you will have to specify a rating for each document you create or the system will automatically modify it itself.
In addition, this may mean that a person cannot share a document with someone, but always shares a document based on classification, also with third parties. Sharing with people and groups should then be disabled in all systems (after all, the classification determines what you have rights to, your role determines which classification you fall into, and you no longer have to share by person or group).
In fact, you only see these types of facilities in the defense industry or companies that deal with defence. Even in government and financial institutions, this is often not implemented 100%.
Just look at the research conducted by Microsoft itself: https://techcommunity.mic…ow-publish/ba-p/1061397 I was shocked by the numbers.
- Average 40,000+ permissions in O365 environment
- Only 1% of permissions are actually opened/used
- More than 50% of people have the right to all documents.
Or from Varonis’ research: https://www.varonis.com/blog/geneative-ai-security
- Over 40 million unique permissions
- More than 113,000 sensitive records were shared publicly
- 27k+ sharing links
Here lies the danger of artificial intelligence like CoPilot. This carefully looks at the limitations of the person using it. But if it has no limits or if the user limits are not well defined, you will have a big problem. It is a problem that is not immediately noticeable, but will suddenly become massive when using artificial intelligence.
My advice to all companies is to disable copilot in policies now. For Windows, Office, and Azure, to make sure they’ve got their classification and rights structure right. (I’ve long been happy that CoPilot has automatic limits on Tenant and doesn’t collect co-tenant data or that things shared with another party via guest access are available to CoPilot from that other party)
[Reactie gewijzigd door SunnieNL op 2 oktober 2023 11:05]
“Lifelong zombie fanatic. Hardcore web practitioner. Thinker. Music expert. Unapologetic pop culture scholar.”