Power without control…

Hello everyone!!

The truth is, I was wondering whether to start this blog (the introduction post doesn’t count) by explaining a bit about its purpose, what you’ll find here, and all that… or just dive straight in. In the end, I decided to do a bit of both. I think this title is perfect for the first post because it allows me to introduce what this blog is about and start opening the discussion on what we’ll be exploring in future entries.

Thing is, every day we have more information, more documentation, and more and more creative ways to organize and access it.

Flashback mode on: 20 years ago, information was stored on a NAS, organized in folders, and accessed via the corporate network. It was easy to control, most devices were desktops, everyone worked in the office, and hardly anyone had a personal device to access information. Sure, someone could take data home on a USB drive or a floppy disk (and pray it arrived safely), or send it via email, but carrying out a massive data exfiltration was relatively complicated. Access control was fairly simple, and if something got leaked, it was usually easy to track down who had access and might be responsible. Some document management systems were beginning to appear, but they were mostly local environments, with very few accessible online, making them more «manageable.» And, worst case scenario, you could always walk into the data center and unplug the cable (don’t try this at home, folks…).

Nowadays, things are very different. Most information is in the cloud, often stored in remote locations we don’t have physical access to, managed by hyperscalers (Microsoft, Amazon, Google, etc.). This makes data governance much more complex. On top of that, vendors are now providing users with AI-powered tools, making data governance even more challenging. But enough complaining, we’re here to learn how to do things right in this «new reality.»

And that’s why I think the title fits perfectly to explain what this blog is all about. Especially with the rise of generative AI, information security is more crucial than ever. As that old Pirelli ad used to say, «Power is nothing without control.» But we need the power, we can’t just block the deployment of GenAI solutions or prevent users from utilizing the data at their disposal. After all, why have the data if we’re not going to use it?

So the challenge is clear: we must establish the right mechanisms to ensure that data utilization and generative AI are as secure as possible. And that’s what this blog is going to be about: the capabilities available to monitor and control this new wave of technology that’s here to stay. These tools are incredible, but like any tool, they can be misused.

What are these capabilities going to be? Basically, we’re going to focus on Microsoft environments, especially Purview. We’ll cover everything from the most basic DLP tools to more advanced solutions like Insider Risk Management and Communication Compliance. But my goal isn’t just to show you how to configure these tools; I also want to help you navigate the challenges of working with legal, compliance, and HR teams to ensure the successful deployment and configuration of these solutions.

I think this gives you a good idea of what you’ll find on this blog, and I hope you find it useful.

Best regards!
