Evaluate Corsica Technologies on Consulting

We want to see really strong data governance, management, and documentation prior to to rolling out Copilot. Educate people on on how to use Copilot. Build relevant content to show the the people that we turn on this tool for how to use it. We'll jump right into this. You know, I think I I say this every time I talk about AI. It's on everyone's mind. It's in the news. We see it. We hear about it. And I get asked on a weekly, if not daily basis, you know, how are other businesses using AI? How do they plan to use AI? AI? What should our strategy look like? We also see that that a lot of companies have turned on Copilot. It's interesting. About thirty percent of the folks on this call are using Copilot in some fashion. So many have turned it on. It's easy to buy a license. It's super easy to to get something started. What I'll tell you I see is it's the new shiny object. It it gets used pretty heavily for a couple of weeks and then starts to slow down in its use. I'd say that there's a lot of people that that don't know how to use it effectively, don't know what they don't know about what Copilot can do to to help them. And, you know, most, if if not all, I would venture to say haven't really prepared for the risk. So, there's a lot of confidence that that Copilot is protecting our data as we're searching, but there's some other there's some other opportunities for us to better prepare and better protect our sensitive data as we use Copilot. So thinking in in terms of Copilot's main uses, I I wanna talk about it in in two different ways, and and I'm gonna focus more on one than the other today. And that is there there's one one aspect of Copilot, and I think this is the one most people are are typically thinking of and that's the productivity side. So this is engaging Copilot through Word, through Teams, on office dot com, through the Copilot app. And this is really all about producing more output more quickly. It's streamlining our our day to day activities. Examples that that I like to use of this is, you know, an HR team that needs to write a new policy can quickly get a skeleton of that policy out of a tool like Copilot and then edit it and and update it from there. I always include the code snippet part as a reformed programmer. I think how different my life would have been if I didn't just had have to Google how to do something, but I can actually ask a tool to write the code for me. And then on the automation and analysis side. So this is much more about creating flows, creating those repeatable, intelligent processes that can help us run our business better. I'm not gonna spend as much time on that today because that that's really a phase two as we look at what do we need to do to adopt Copilot as a business. Alright. So just thinking in terms of how does Copilot work and and what does it do, it's important to understand that that there's indexing that that has to happen. And the way that Microsoft has implemented this this tool, it's using a a semantic search that is going through and and indexing. And and really what semantic search is all about from a a really high level is about creating relevance and understanding between similar concepts so that when you ask Copilot for something, it doesn't just do a a word for word search. It it matches the the intent of what you are looking for and builds those relationships much like a person would. The example I like to to use is think of this as asking for food and somebody gives you an apple. They know that an apple is food, so they would provide that to you. In in traditional searching, you would say, you know, where is food in my documents? And it would return to you exact matches for that. It wouldn't find the related food items that are part of that. So semantic search is is really all around building that that conceptual understanding of your data. So so why does this matter? It it's important to know that, you know, right now Copilot is is indexing, as as Microsoft rules out, the semantic indexing, a number of different types of data. Your own user mailbox, of course, documents, PowerPoints, PDFs, and more and more types of data all of the time. This means that, you know, Copilot does not from a a risk and data exposure perspective. It doesn't give anyone access something that they to something that they don't already have access to. But what it does is it allows someone to find maybe what they weren't supposed to access, but accidentally have the ability to to see much more quickly. And and so, the example I I'd use there is, you know, you have an HR SharePoint. Someone inadvertently is given more permissions to that than they need. The odds of them finding that, and going out and trying to access it are pretty low. Asking Copilot a question that finds an an inference into one of those files that's been indexed could return to them a result that that you as an organization would not want them to have. That brings us to this topic of now that we understand, you know, what is Copilot doing behind the scenes with our our private data, What do we need to do to to get ready for that? So data readiness is is something that I think most organizations that are using Copilot today have not gone through a data readiness exercise. And and it's it's easy to skip this step. Copilot is interesting. It's easy to to implement and turn on. And we may be inadvertently exposing our our company data or providing people access to data that that we didn't mean to. And this goes across multiple different types of data sources. So the the way we recommend starting with with the Copilot exercise is to to go through this data readiness process. And and that's really to go through and identify what are my sources of information that I want Copilot to have access to. Review those for for quality. And and the reason this matters is, you know, AI is is great. The the semantic search is is really powerful, but it can't it can't do it can't do miracles. So if we have bad data, bad structure, inconsistencies, that is going to affect the output, the quality of that output. And then we wanna we wanna enrich and enhance that data. So we wanna add additional context to the most important piece of the data. Where this really matters is is not so much in in a word document, but as we start to to see Copilot dig more into the analytical pieces of data as Copilot's capabilities expand into Excel documents, into, other types of systems, it's going to be very important that we create the right kinds of metadata that allow Copilot to make those inferences in in data relationships. And then lastly, we have to to protect and secure our data. And and this, by the way, doesn't just apply to Copilot. It's really important that that we start to put controls in place early on that protect our data from from being sent out through an AI tool into an an area where we may not have control over it. So what does this data collection process look like? It's really important that that we start with really reliable cloud services. So so we want to choose where those are stored. And, as much as we can consolidate that as an organization, it's it's really critical. So we certainly work with organizations that have data in multiple cloud services. As much as possible, try to standardize on SharePoint and OneDrive. Or if you're a a Google shop, stick with with the Google Docs structure. Don't introduce SharePoint, OneDrive, Google Docs, and Dropbox. We see that. And and what that is is that's a recipe for a loss of control of data. And create this this inventory. It's important that that we start to reduce the duplication of data, that we put it in a structure, and create a map of of where our data lives so that that we have a strong handle on that. And understanding where where our data lives, it it moves us into the the next phase of of what we would recommend to be Copilot ready. We have no shortage of of data sources. And, you know, as business decision makers and and those responsible for our company's data and information technology, it's it's really important that that we start to think about this differently than we've thought about it in the past. Our data no longer lives behind the firewall. It lives in different SaaS applications. It lives in these different sources of cloud storage. It is a a very broad set of of data, and and that means that the opportunity for us to lose or compromise that data is is greatly increased. And and that's why we would recommend implementing a a DLP or or data loss prevention system as part of a copilot rollout. So we've taken our data. We understand where it is. We've documented that. We have a good handle on. We don't have a lot of duplication of data. We wanna start this process that that says we wanna put some governance around our data. And, you know, on on one of the slides earlier, there was a a a little note that said, you know, Copilot will honor types of labels, sensitivity labels on on data. And I I think this is a really important concept for us to to think about when we deploy a a solution like Copilot that that enables rapid search and collection of of data and presentation to users very quickly. We need to to get a governance and and data loss prevention plan in place. And so what what DLP is is it is the process of safeguarding the sensitive data against unauthorized access, but more so breaches. And and when we think of breaches, it's it's where does this where is this data going? I think if if we were to to have a poll that that said, you know, how confident are you today that no data left your organization that shouldn't have? My guess is that there wouldn't be super high confidence. So it it also protect protects against, you know, unintended deletion. Now now notice it doesn't say unintentional, but it is protecting us from the loss of data that may contain confidential information. And then it also helps us as we need to comply with privacy and security regulations, and and there are certainly more of those on the way. So this is a great chance to talk about a solution that ties right into how Copilot works, and that's that's Purview. This is Microsoft three sixty five's DLP solution. It's actively being updated and and released, including the AI hub for, Microsoft Purview. And and what the AI hub does is is it not only tracks the usage of AI from a Copilot perspective, but it has plugins that allow you to control and monitor AI usage in other third party tools, and and we'll talk more about that. So this is this is around a governance service, And the natural next step in in us moving our data to the cloud and to these multiple sources is that we can use a tool like this to discover catalog map and then manage and identify the risks over time. So a couple of these examples are are the use of of encryption and sensitivity labeling. These sensitivity labels are really valuable to classify information and have a sensitivity level. This requires some work as an organization to identify what are those sensitivity levels, what applies to those. But what's great about the AI Hub as part of Purview is that it takes some of the manual work that went into DLP solutions in the past out of the hands of of the administrator. And so it's able to to start to identify on its own the PII, the the types of information that we wanna make sure that we protect as an organization. So moving on to the the next piece of this, which is is really around how do we use a tool like DLP to to ensure compliance. We can put a compliance framework in place through Purview that that helps enforce the use of that throughout the the journey along kind of this data discovery mapping and protection path. So to summarize what we're at today, we want to see really strong data governance, management, and documentation prior to rolling out Copilot. So what what do we need to do to to monitor and and then ultimately train our teams around, you know, awareness of the data implications here as as well as how to use these AI tools. So first, you you know, usage monitoring in in system logs. Right? This sounds like we're talking about the the same platform of, you know, five, ten years ago for for those of you in the security space. But but this is a a much different process today. We don't have a central location where we can monitor the exfiltration of of our data from. I it could happen from anywhere from on a mobile device to, a third party that that we might not even be aware that our team is using. And so leveraging those tools, I mentioned AI Hub is is a great example that that has browser plugins and other capabilities to to really start to watch the movement of our data from our various systems and and start to collect profiling and and understanding around where is that data going. Because, you you know, the approach that that we don't wanna take as a business is is Corsica, and I I think most of our our clients and and most of you are probably the same way. We don't wanna just turn off these productivity tools. We want to equip people to to be able to use them, but to still be able to to protect our organizations. And so starting to to roll out this plan of data understanding, data monitoring, and then, you know, adoption of Copilot and other AI tools is is a really important part of that. And then some proper training. So so here's here's one of the biggest gaps that I see in in Copilot usage is a lack of understanding of what is Copilot capable of, and where should I spend my time using it. It's fun to go have it write some poetry. Those are the the things that that I think people like showing off. What can AI do? But, ultimately, we we wanna use this as a as a multiplier in our productivity. And and so what are the right places to use that? And so having proper training that that helps people use Copilot responsibly, I you know, I feel like that's kinda like the the IT, you know, safe answer. But but, ultimately, what we wanna see is we wanna see our companies make more money because we're using AI really well. And when I hear a business decision maker or or an executive ask me, how should we be using AI? That's the easy answer. It should be a a productivity multiplier. And if it isn't, then we haven't properly trained our teams to be able to use it. And so what what we don't see a lot of is the interactive training of let me show you how to use Copilot effectively in your role as a finance leader or in your role as a customer service adviser or on the front lines. And so we really encourage organizations take the time to build the training, to have the training, and show people what this is really capable of. And then also show them what are those those pitfalls that that they could run into. Where are the places not to go, and where should you not use AI in terms of areas when it comes to to matters of legal advice of human resources? There are areas that that we know we don't want departments to use AI. So this this gets into to developing these best practices. All organizations today should have an internal policy around the use of generative AI tools. If you don't have one, we can certainly give you a AI generated template to start with. Just kidding. We have real documents we can can help you leverage to to get these in place. And and these really hit two different avenues. One is what's what's our acceptable use of AI tools within our organization? How does it fit into our values and our culture? The second piece is where are we using AI that touches our customers, and where should we disclose that? So those are the the two kind of policy related items that that we typically recommend. Educate people on on how to use Copilot. I had a whole slide on it, and then I brought it up again because it's just so important that we build relevant content to show the people that we turn on this tool for how to use it. And then we need a process. So Copilot is one piece. Today's mostly about Copilot, but there there has to be a process for approving, implementing, and then monitoring these tools, not just AI tools, but all of these SaaS applications. If we've gone to the trouble to inventory to understand, now we need to put some controls in place so that we can keep up that documentation. Documentation is only as good as our ability to maintain it, and so we need to we need to have that as part of the governance around our organization. And then we need we need our executive teams to be talking about these things at the executive and board level. This is not an IT issue. Protecting our data, proper use of AI, and how do we responsibly use these tools going forward is a discussion that that should be happening across the organization. It it needs to be built into part of the culture of who we are. And, when when someone asks, you know, what are the ways that we should use AI? You you've gotta get into the the culture of the business. Where where are the values of the business that require human interaction? Where can we automate things or use AI? What are the expectations? You know, I mentioned that this transparency around, you know, those those two parts. I'll I'll just say that one again too because I think it's really important. Most people expect in in while there's no legal requirement today, we expect there will be legal requirements to to provide transparency around AI usage. So best to start with that. If you're using it in your organization today, especially where it touches folks outside the company, but even inside, we need to make sure that we're disclosing that. So let's review. Document and secure our data first. Gain an understanding of of what we want to do with conversational AI. The productive side, start there. We haven't even turned on a Copilot license yet. If you wanna do that in a limited fashion so for folks to use, I I think that's okay. But organization wide, we have to be thinking about how are we going to deploy this more broadly, and that requires us to take these couple of steps first. This gets to then, I'm ready. What do I start to do? The licensing and Copilot's first, integrating Copilot into your workflow and how people work. This is something that that we have consistently seen needs help. People tend to to get a tool like Copilot and they kinda poke at it for a while, but they don't necessarily integrate it into the way they operate. If we wanna fully leverage AI, we have to build it into the workflow for each department. And as technology leaders or or stakeholders, we need to ensure that these tools that that we're deploying are being fully leveraged and utilized by our teams. And then you have to provide feedback. The this piece, I I think we're all used to only providing mostly negative feedback in in general when we interact with a a tool or a third party. It's really important that that we provide the feedback through the mechanisms built into AI. It learns from those interactions.