The BCN Podcast
Keeping you up to date with Microsoft, IT trends, and business technology. It's everything you need to know about leading business technology to stay in the loop.
The BCN Podcast
Navigating AI with Data Security in Mind
AI is becoming embedded in everything we do. With 75% of businesses now using artificial intelligence and over 80% of people incorporating it into their everyday lives, organisations face unprecedented security challenges that require immediate attention.
Reece Gohil and Johan Venables join the BCN podcast to navigate the complex landscape of unauthorised AI use in business environments. They reveal why simply blocking AI tools isn't a viable solution and how businesses can instead establish effective guardrails that protect sensitive data while still enabling productivity. Through real-world examples—including one shocking case where an employee searching for their payslip accidentally discovered everyone's annual bonuses—they illustrate why proper data governance must be the foundation of any AI strategy.
The conversation explores Microsoft's approach to supporting businesses through this transition, highlighting how tools like the free Copilot Chat can provide immediate productivity benefits with enterprise-grade security. Listeners will gain practical insights into conducting AI readiness assessments, identifying high-value use cases across departments, and implementing governance frameworks that balance innovation with protection. Particularly valuable is the discussion around Microsoft Purview's capabilities for tracking unauthorised AI use and managing internal data risks—a crucial consideration that many organisations overlook in their AI planning.
Whether your business has already embraced AI or is just beginning this journey, this episode delivers essential guidance on keeping your company data secure without sacrificing the competitive advantages that AI offers
Hello and welcome to the BCN podcast. Today we'll be discussing the rising security risks of unauthorized use of AI in the business space. And, before we delve into it, this is a follow on to previous episodes where we looked at AI trends for 2025, how businesses are using this in the business use cases, and not how all AI is equal. So this is a great follow on just to highlight some of the challenges, concerns and risks that we're seeing out there that businesses should be familiarizing themselves with and, more importantly, educating their staff. With me today I've Reece Gohil and Johan Venables, who are both Microsoft specialists within our Reece manages the relationship we have with Microsoft closely to ensure that we're working in accordance with their strategies, best practices and making sure that our clients are adopting their technologies as efficiently and cost-effectively as possible. And when we've got Johan, who's sort of spearheading the AI adoption policies and processes that our clients are working with. Gentlemen, thank you so much for joining me today on today's conversation. Reece do you want to quickly introduce yourself to our audience?
Reece Gohil:Great stuff. Thanks, pete, appreciate you having me on. So Reece, Gohil, so I'm our Microsoft Alliance Manager stuff. Thanks, pete, appreciate you having me on. So Reece, Gohill, so I'm our Microsoft Alliance manager here at BCN Group, so I manage the partnership and relationship between us and Microsoft, one of our most strategic partners.
Peter Filitz:Excellent Thanks, Reece So much for joining us. Good to have you, Johan.
Johan Venables:Yeah, sure Thanks, pete. Johan Venables I, johan Venables. I'm a cloud consultant specifically focusing around the Microsoft 365 suite as well as the productivity side of things, and I've been tasked last year, when Copilot got released, to help and support businesses for the adoption of AI, and throughout that whole journey it was quite exciting. Everyone wanted to get access to co-pilots and we encouraged clients to do that. But every topic was around data security and businesses had to really look and focus on getting their house in order, put security measures in place before they can even start using AI. And this year we're just seeing data security being the hottest topic, where last year, all the meetings I had with customers was purely around AI. This year it's just data security being the hottest topic. Where last year, all the meetings I had with customers was purely around AI, this year it's just data security. So I've nicely fallen into that sort of role where I'm now supporting customers with the data security sites and helping them in guiding them with safe use of AI tools.
Peter Filitz:Perfect. Thanks, Jan, for joining us and sort of setting the scene. I think it's fair to say that, as we all know, AI and its use in businesses today is ramping up at a phenomenal rate. I saw some really interesting stats last week that Microsoft kindly shared 75% of all users in the SMB space are using AI and over 80% of people are using AI in their everyday lives. So you know, the adoption has been phenomenal. It's been the biggest uptake in history and it's fair to say that it's not coming. It's here. So, with that being said, obviously. So, with that being said, obviously, it does highlight some challenges and concerns that businesses need to be made aware of, specifically making sure that they've got guardrails in place, policies and AI councils established within their businesses to ensure safe and compliant usage of AI. Johan, I guess, based on your experience, you've come across businesses looking to embark on this journey, some who have started on a more haphazard approach without any formal planning. What are some of the challenges and trends you're seeing in these businesses?
Johan Venables:Yeah, so the first challenge that they have is understanding what AI tools people are using. It's a little bit difficult to do a discovery, to identify what people are doing with their data, where they're putting it, whether it's AI or just an online app. It's really difficult to track that. And another challenge is just with regards to locking down those AI tools and understanding the risks that comes with it. Now we see organizations. What they do is that when there's a new AI tool released and there's so many of them it's very challenging to keep on track with what AI tools are available, and what companies tend to do is they immediately just block it.
Johan Venables:Now, I'm not a fan of that approach because the thing is you're hindering productivity because there's so many good AI tools available out there, which some of them are free, and, yes, the risks are there by default.
Johan Venables:All these free AI apps are basically set to sort of train their large language models with your data and expose it to the public. If you're from an IT admin perspective, that is actually quite a nightmare, right. So to manage that as a task of its own, there's lots of concerns. So what people tend to do is they panic and block it, and then you sort of you know, hinder productivity because there's so many good tools you can, you know, use to boost productivity. But, but again, it's just educating staff safe use of AI and making them aware of the risks and guiding them and making them aware with constant workshop session, training sessions, by just showing them how to properly use these tools and then also governing it and making sure that you, from an IT security perspective, really look at the risks of these AI tools and then agree as a business what it is people can use and should not use.
Peter Filitz:Yeah, and that comes down to making sure that you've got those guardrails in place, because, as you say, you don't want to hinder productivity and progress, so to speak.
Peter Filitz:As we've seen before and covered off on previous podcasts, there are many different AI tools and models out there, all which have specific use cases and functions, but you do need to make sure that you've got the required measures in place to protect the company assets, the company information and, obviously, its continuity, because we're seeing AI being leveraged for cyber attacks now as well, so it is a cause for concern. So Setting up a governance framework is essential, and then, looking, obviously, at the tool set at your disposal, which Microsoft has available to help businesses build out the structure, so to speak, to support that and I guess, Reece, maybe more one for you Microsoft is also obviously putting their hands in their pockets to help businesses on this journey for getting ready for this adoption. And then also looking at the whole security aspect, do you want to talk to us a bit about the Microsoft approach and what businesses have now available in terms of support?
Reece Gohil:Yeah, absolutely Pete.
Reece Gohil:So I think, end of the day, microsoft see this as obviously the progression and there's a lot of support available to you.
Reece Gohil:But I think the important thing is, as Johan was talking about, is what the value you're going to get off the back of these AI tools and actually, therefore, it's all about the adoption and understanding how you can get the most value out of these AI tools.
Reece Gohil:You know staff are already using AI tools to drive productivity and efficiency for their personal use, but actually the most important thing is what business value you're going to get from these AI tools is what support is actually going to drive the overarching business and the board and what they're trying to achieve. And therefore, that's why Microsoft have heavily invested in supporting customers on this journey. And it's all about starting with the right approach and understanding your use cases, what revenue you're trying to drive, what cost efficiencies you're trying to drive, whatever it may be. And that is where Microsoft can come in and support, alongside partners, to understand what are your requirements, what pains and challenges you're currently seeing, and what AI tools out there available to help drive and overcome those challenges. And that's where Microsoft can come in and look at things like providing funding options to look at the use cases and look at that out of the possible of what is available from Microsoft 365 Copilot, for example, what is available today and also what use cases are going to be for your business.
Peter Filitz:And it's great to see that Microsoft has recognized the need for that and their obligation, as the provider of these tools, to ensure that they are used, implemented, monitored and controlled in a fair, ethical manner for the relevant industries.
Reece Gohil:I was just going to say it's in their interest at the end of the day, isn't it?
Johan Venables:Yes.
Reece Gohil:If it's $30 a user a month for this license, you need to be making sure that you're getting the value from it.
Peter Filitz:So it's in Microsoft's best interest to help support you and making sure that you actually can see that good return on investment on that yeah, and Johan, I know you and the team have obviously been working quite closely with Microsoft as well, and, based on the experience we've gleaned over the past, what's it been almost 18 months now since Copilot was first released in creating a Copilot readiness approach that helps businesses articulate that journey, identify the goals and really get started. Do you want to walk us through just at a high level goals and really get started? Do you want to walk us through, just at a high level, the approach that we're taking with businesses and what measures we're looking at to help identify some of these security challenges and bring more awareness, so to speak, to the wider audience in terms of what they should consider when embarking on this digital transformation?
Johan Venables:Yeah, sure. So in the last year we've obviously learned a lot and we've seen all the pain points that our customers have for testing and trialing co-pilots. The feedback we got wasn't really that good because it was all down to training and down to data quality. So a lot of businesses got quite frustrated because they want to get onto that AI journey as quickly as possible but they need to get obviously their housing order first, which can be a time-consuming project depending on what sort of state your data is in and what sort of security services you've applied around that data. So what we've done is a step one approach. We've launched a webinar session that we can host during a lunchtime or maybe on a Friday afternoon for all the staff in the business to join the session. We look at inspiring staff to start using Copilot Chat because, as you know, copilot Chat is free. It's available to everyone with a Microsoft 365 subscription and we want to help them gain immediate productivity with using the sort of free version of Copilot 365. And with Copilot Chat, when you sign in with your 365 account, it's secured. You'll see it as a green shield, so it means it uses enterprise-class security to protect any information you add into Copilot Chat and we demonstrate that and we explain to staff the safe use of AI. We cover off all the other third-party tools where we show them the risks and we sort of explain to them how to use it in a safe way and not to use sensitive content or any company data within these platforms. We generally just explain to them to generate new content from that platform but don't put any data into it. But then we show them the sort of use cases in Copilot 365 chat you know the free version basically to show them how you can record a meeting transcript, how you can then easily upload it to Copilot chat, to summarize it and show them a couple of quick tips and tricks on how they can immediately gain productivity with Copilot chat.
Johan Venables:And then, once we've set the scene, we then switch over to Copilot 365, what it's like to have the full embedded Copilot within your Office applications. Because you know there's a slight difference between Copilot Chat and Copilot 365. Copilot Chat, you need to manually feed the data and then copy the content out of it and then paste it in a document or a spreadsheet and then you need to reformat it, where, with Copilot embedded in your apps, there's no need to go backwards and forwards between the two applications, because it's inside your applications. You can generate that content. It indexes your data, it learns your data, understands your data and you can easily search for documents or files or information within Microsoft 365. So once we finish a program, we then challenge everyone to go and have a play with Copilot Chat, get familiar with it, understand the importance of prompt engineering and then, while staff go away, start using Copilot Chat. We then start doing the housekeeping work.
Johan Venables:So we work with our customers to do a data assessment. We review where they are at with their digital transformation. Are they fully embracing the productivity stack? If not, we will then build a roadmap for them to get them into services like OneDrive, sharepoint Teams. If they're fully embedded, then we will look at usage reports. We'll help them identify staff that's sort of thriving within that space. So we'll pull usage reports for those who's sending a lot of emails, attending a lot of meetings, generating a lot of content in SharePoint, in OneDrive, and those are the sort of people that you want to empower with Copilot to help and save them time so that they can do more and be more productive.
Johan Venables:And then we'll also do a review of their data, highlight all the risks, show them the information that's overshared in the business so we can identify what links people have generated to share content, whether it's with anyone or people outside of the organization or the entire organization. We'll identify where sensitive content is stored and that could be anywhere within emails, within OneDrive, within SharePoint, teams, conversations, everything within Microsoft 365. We'll then highlight the risks and then work with them on a plan to then tighten up that security where we look at a service called Microsoft Purview to sort of support them and lock down sensitive content within the business so it doesn't get exposed to people who should not see that data. And we talked earlier about you know, sort of the risks about third-party AI tools. But there's also risks with Copilot People getting exposed internally with sensitive information they shouldn't see, because look the way Microsoft Copilot works is it uses semantic indexing and then it's got access to all the data within a tenant that you as an individual have access to.
Johan Venables:It won't give you access to documentation, you know, if you don't have access to it, but there may be that someone in finance has overshared a very important document or a spreadsheet. I'll give you an example, and this is actually a real example. We had a customer where one staff member searched for his latest payslip and he then got access to that, but he also got access to a spreadsheet with everyone's annual bonuses, because that was overshared. So you also have that from an internal perspective as a challenge. So you know, yes, we can protect data from AI tools, but you also need to protect it from Copilot, because it's a very clever search engine. It will look for everything that you've got access to within Microsoft Graph thing that you've got access to within Microsoft Graph.
Peter Filitz:Yeah, and that is such a pertinent point there that, yes, I know we're primarily looking at unauthorized use of AI and the risks associated with company data, but it goes the other way too right, even with authorized use, there is an element of due diligence needed to ensure that your data is appropriately secured and locked down. Otherwise, it can pose a risk to the business in various shapes and forms. Now you just touched on Purview, and I know we've got another podcast coming up where we'll be delving into Purview in a little more detail and the benefits, the capabilities that this powerful tool brings to the scene. Are businesses tracking the use of unauthorized AI at the moment without purview, and are there ways of them being able to do it, or is it really very difficult?
Johan Venables:Yeah, there's definitely ways to do it. I mean, you could get network traffic logs that you can then basically export from your firewalls and your network switches, but that's a tedious task, it's very manual and you need to filter through all those logs to then look at what AI tools they are using and you need to know it all. You need to know what all the AI tools are out there and what they are called to also identify that. So it is a big task. It's also a challenge and you can miss something, yeah, so there's ways of doing it, but it's not a great way.
Peter Filitz:And just leading up to our next episode, Purview is one of those tools that you can use to track unauthorized use of AI.
Johan Venables:Absolutely yeah. So Purview is a data governance and compliance solution which is embedded within Microsoft 365, which nicely integrates with all your entire Microsoft 365 ecosystem. And you've got something called DSPM Data Security, posture Management for AI which gives you a set of tools to track what AI tools people are using in an organization, which gives you a good sort of view of all the AI tools, and it will also give you a risk score to show you the risk of these AI applications.
Peter Filitz:Well, that sounds very interesting and I think that in itself is an episode worth discussing, because it not only focuses on that element of tracking unauthorized AI use, but opens up a whole new avenue of capabilities for locking down your data and security. I think that sort of brings us to the end of today's conversation. I think there were obviously a number of key points. Just to summarize it, Johan, from your past experience, what are the key takeaways in businesses who are looking to start the journey or have started the journey? What are the key points they should focus on that can help them on their way?
Johan Venables:Yeah, I think it's identifying use cases for AI tools, understanding what people are using and then measuring the risks of these AI tools. Train staff, make sure they understand safe use of AI tools, constantly remind people not to use sensitive content with AI tools, as well as just look at supporting them with their adoption with whatever AI tool they use, whether it's Copilot or ChatGPT. Just support them with this journey, because it's a great benefit for the end users. It helps the business become more competitive in the market. I would say support them wherever you can, but make sure that you put safeguards in place to protect your company data.
Peter Filitz:Excellent Thanks, jan Reece. What are your thoughts?
Reece Gohil:I completely agree with Johan. I think, alongside obviously understanding the risks of rolling out these ai technologies, end of the day you've got to go back to what is the key reason you're trying to to leverage them. And I've seen it in the past and one of the things I've noticed in a trial rollouts, I say, is that quite often it's siloed, you know, within the it team or with senior staff members and you know the board, for example, trialing these out, these ai tools. You've actually got to go and look at getting champions within the entire organization, across every department, to understand each department's use case. And I think that is really important is making sure you do that stage rollout and actually getting to understand what real benefit, business benefit, you're going to get from that.
Peter Filitz:Excellent. Thank you, gentlemen. I guess my take from it is that you know AI is yeah. Trying to prevent your staff from using it is simply not an option. They will find ways and means of doing it. So, rather than preventing them, empower them, give them the knowledge, give them the expertise and give them the tools to work more productively and more efficiently. I think a great takeaway as well is Copilot Chat is free. It's available today. You can give your staff the tools they need in a safe and secure environment.
Peter Filitz:Come and talk to us if you need any help or assistance or guidance in terms of how you might start that AI journey, or you may have started it and it hasn't quite worked out as you had hoped. We can help you Reece. and the team have got direct links into Microsoft. We can bring them in to help assist with any challenges that you've got. Johan and the team have a wealth of experience now in working with businesses to overcome these challenges, so feel free to get in touch with us. Visit our website, bcncouk. There you'll find a wealth of information relating to the products and services that we provide. We're definitely here to help. On the next conversation we'll be discussing Purview, its role, its purpose, the capabilities it brings to the table, and if you are embarking on your AI journey or about to start, then that is definitely one you want to catch. Look forward to catching you next time. Don't forget to like and subscribe to our podcast. Thanks so much for joining us.