AI tools have certainly swept the working world in recent years offering time savings and impressive capabilities as built-in virtual coworkers. But, in the rush to adopt AI tools, data governance foundations can get left behind, with potentially drastic consequences.
Gartner predicts that by 2027, more than 40% of AI-related data breaches will be caused by the improper use of generative AI, whilst 48% of IT and business leaders cite data security as their top concern for AI implementation.
What are the key considerations for data governance when adopting AI?
From the viewpoint of deploying AI, the key considerations are data quality, which can include data access and security along with ensuring the data is up to date and relevant to give you the best results.
You also need to ensure that you continue to meet any regulatory or compliance needs around data retention. Spending time creating a tailored framework to address these is time well spent.
What are the risks in AI adoption?
One risk that we have seen many organisations encounter is over provisioned permissions or sharing. With the fantastic ability of AI to find information on your behalf, this has highlighted where data access controls may have had gaps previously. Before AI, this was not noticed as the data was not easily searched for or surfaced. However, in the AI age, this becomes much easier.
The second biggest risk or concern we see is around the lack of visibility of AI use, particularly when it comes to unsanctioned or unknown AI tools. Shadow IT is always a concern, but when it comes to AI, the tool’s ability to gain access to sensitive data becomes even more of a concern.
36% of IT and business leaders say a data breach caused by AI making a mistake is a top-three concern.
How can data be at risk without proper AI adoption and governance?
The principles of Zero Trust are fundamental to a robust security strategy, and one of these pillars is least privilege. In light of AI accessing your data, this principle needs to be applied not only to the access privileges of members of your team – but the tool too.
Without robust security policies and data security tooling, your organisation may be at risk of employees surfacing sensitive information or accidental oversharing data internally or externally. Similarly, you also face the risk of employees sharing company data with unsanctioned AI tooling, without the watchful eye of your security team and tools.
Aside from security risks, a lack of data governance can also put the success of your AI deployment at risk too. In the case that incorrect data is retrieved or used by the AI tool, the results may be incorrect, incomplete or misleading – eroding confidence in the adoption and hampering your rollout.
What are the pitfalls of data governance?
Data governance for AI while vital, can be anything but simple. Some of the guardrails although technically easy to enable, can feel daunting in implementation as it can impact peoples everyday workflows. For example, labelling and retention policies.
Defining the framework or controls for your data governance requires careful collaboration with the wider organisation to understand the requirements and impacts of any policies. Avoiding disrupting the work of your team whilst implementing robust policies can be a time-consuming balancing act, particularly without the support of a data governance partner.
What are you seeing in the industry as a result of poor data governance in using AI?
In the rush to adopt AI, we’re seeing a sort of tug of war between those keen to implement AI into their workflows and those concerned about the impacts or controls on their data governance. Whilst AI tools like Microsoft 365 Copilot can offer some impressive improvements to employees day-to-today work, the data security considerations are fundamental in the adoption of any AI tool.
We’re also seeing a lack of data governance causing unexpected errors or inaccuracies in the outputs of AI tools, causing employees to question the value of the tool and hampering adoption programmes.
What are the key tools in data governance for AI?
When looking at the Microsoft ecosystem there are a number of tools to support data governance for AI.
SharePoint Advances management, which is available as part of Microsoft 365 Copilot and offers a suite of tools to bolster content governance.
Key capabilities from Microsoft’s data security powerhouse – Microsoft Purview – are also incorporated within Data Security Posture Management for AI. The tool provides easy-to-use graphical tools and reports to quickly gain insights into AI use within your organisation. Plus, one-click policies help you protect your data and comply with regulatory requirements.
Also often overlooked are the day-to-day controls of permissions and access. By having good permissions and access principles it can head off a lot of issues and can instil good access hygiene habits. With the rise of Agentic AI, tenant and environment level permissions for creating, publish and using AI agents are important to understand and enable.
Download our Guide to Data Security in the Age of AI
Do you know what kinds of sensitive data you have and where it lives? In this guide, we’ll explore the key pillars of data security, what you need to know and how you can get started.
Where should organisations start in implementing data governance policies?
I would always recommend starting with understanding the current maturity of the environment you want to implement AI within. Understanding the lay of the land in terms of your data governance policies is an essential first step in establishing how extensive a project you have on your hands.
From there, enlisting an expert partner can offer essential support to organisations without an extensive IT team. A technology partner like Transparity will bring not only extensive experience in delivering data governance policies but also frameworks to ensure you find the right balance of solid security without locking your team out of much-needed documentation.
Being able to demonstrate having the right framework for data quality and access control to your organisation will instil confidence in moving forward with your AI adoption efforts.
Data governance for AI
As AI becomes increasingly embedded in our workplace tools and processes, data governance has to move from an afterthought to a fundamental priority. Without the right policies, access controls and monitoring, organisations risk both data breaches and compliance failures, as well as flawed AI outputs that undermine trust and adoption.
The good news? With the right framework, and the right partner, organisations can confidently embrace all AI has to offer while protecting their more valuable asset: their data. A strategic, well governed approach now will pay off in the future ensuring AI delivers on its potential, without compromising security or compliance.
