top of page

Securing Copilot in Health & Life Science Orgs


Cyclotron’s Security Practice has conducted many enterprise deployments of Copilot for Microsoft 365, helping clients ensure data is secured for use with AI solutions. Our company has developed a robust framework for Copilot deployment spanning change management, collaboration, and security. In this blog, we’ll zone into what security considerations should occur during a Copilot deployment.

This blog post is intended for healthcare organizations building a strategy for Microsoft Copilot.

Nathan Berger

Director of Security


What’s the risk of Copilot?

The risk of Copilot for Microsoft 365 lies in its capabilities to overexpose sensitive data to the wrong internal audiences. Copilot is much more capable than existing search functions – it’s able to collect & assemble disparate information in easy-to-read format, citing company data and creating plain language results based on organizational context.


Think about the following scenarios that employees might abuse Copilot:

  1. An information worker tries several cleverly worded Copilot prompts to obtain PII or health records of patients, and eventually tricks the service into providing this info from an overexposed SharePoint site. He discovers this information was exported from EHR systems and unintentionally placed in a broadly shared site.

  2. A marketing team member prompts Copilot about company financials and receives confidential information from the Copilot result detailing undisclosed financial data from an overshared folder.

  3. An intern uses Copilot to prompt for intellectual property to copy for his personal use, and finds it stored in a Teams site he didn’t know he had access to until Copilot sourced data from it.


Each of those malicious activities are enabled by the incredible intelligence from Copilot in Microsoft 365 to scan any repository of data a user has access to, and the ability to cleanly generate the exact answer to a user’s question in succinct format with references.


Most DLP efforts focus on external DLP; securing Copilot is an internal DLP effort.


Health & Life Sciences organizations deal with unique challenges for data overexposure. We've worked with clients that tightly control blinded & unblinded data in studies; orgs with massive databases of health records they need to ensure don't leave the org, even in an altered format; and clients with tightly controlled proprietary health device designs that require special attention.


We want to enable every HLS organization to use generative AI - the productivity value is astounding! However, we must keep client data secure throughout the deployment & long-term operationalization.


How does Cyclotron deploy Copilot securely?


Cyclotron employes three concepts for protection activities during client rollouts:

1.       Remediation activities: We focus on addressing existing data overexposure that grew in client environments for years, such as removing overexposure on large repositories, overshared SharePoint sites, sensitive files on Teams, stale content, and more. We also leverage advanced detection capabilities for healthcare records and healthcare information at rest to lock down access for existing content & future sharing.

2.       Proactive activities: We help prevent data overexposure before it occurs, such as locking down site creation to only approved members or processes, ensuring new sites or groups can’t easily be overshared, and implementing retention policies to address stale data in an appropriate timeframe.

3.       Reactive (or Operational) activities: We help train systems to alert and respond to Copilot misuse related to data overexposure or appropriate use. We implement sensitive topic blocking, content filters, alerts on sequences of suspicious activity following a Copilot prompt, and more.


Securing data from internal misuse is a major challenge for all clients.


To address these issues, Cyclotron leverages the best out of Microsoft technologies such as:

  • Microsoft 365 E3, providing basic Purview features:

    • Data Loss Prevention to prevent total access to highly sensitive internal files in shared repositories.

    • Sensitivity Labeling to ensure content is appropriately marked.

    • Audit Log & eDiscovery for manual Copilot activity reviews.

    • Microsoft 365 application controls in Teams, SharePoint, OneDrive and more that can ensure data won’t be misused.

  • Microsoft 365 E5, enhancing data remediation with advanced Purview automations. Although the features are extensive, here’s a few relevant examples:

    • Advanced sensitive data reports for DLP including names, addresses, and many ML classifiers (financial, tax, legal, contracts, etc.).

      • For healthcare orgs, advanced detections are essential. The ability to detect health & medical records, exact data types, and leverage machine learning provides massive visibility to overexposed data.

    • Enhanced location coverage to protect Teams chat & channel messages.

    • Enhanced Sensitivity Labeling with automated encryption & granular exclusion from data access.

    • Insider Risk Management policy to detect malicious sequences of data exfiltration events stemming from Copilot use.

    • Communication Compliance to ensure appropriate language & topics of Copilot prompts

    • Much more across data governance, auditing, information protection, and compliance.

  • SharePoint Advanced Management, a recommended add-on to accelerate SharePoint data remediation efforts with:

    • Advanced, automated reports for the most overexposed content.

    • Ability to inherit sensitivity labels onto files stored on a classified team/group/site.

    • Ability to control internal content sharing settings on a per-site basis.


Frequently Asked Questions

Let's address some common client questions about this project:


How do I exclude files or sites from the Semantic Index/Copilot?

Microsoft hasn’t built any new permissions systems for Copilot; rather, the Semantic Index (a fancy term to describe how Copilot understands data) uses existing permissions that can be enforced using Purview. Microsoft recommends existing capabilities in Purview and SharePoint to secure your environment.


Am I secure if I already rolled out most Purview features?

Probably not! Most Purview efforts are focused on external DLP. Copilot raises internal DLP concerns, which means new strategies and policies are required, different from your existing policies.


Do I need E5 features, or can I be secure with Microsoft 365 E3?

You don’t need E5 to roll out Copilot, but E5 features reduce the manual security work by about 80%. E3 features also don’t include many Reactive or Operational features, meaning your malicious users will abuse Copilot features without your knowledge far more often.


Can I use a different DLP stack to secure Copilot use?

Probably not. We’ve assessed our client environments & DLP solutions against third-party DLP solutions, and our security consultants’ group consensus is that Microsoft’s DLP systems protect Microsoft 365 better (faster, more comprehensive, more integrated) than other DLP systems we’ve seen.

An easy example of this: most third-party DLP systems don’t have robust detection of machine-learning powered sensitive information types, such as full names & physical addresses. These don’t often span Exchange, SharePoint, OneDrive, Teams and Endpoints with always-on, comprehensive scanning, which are all relevant to securing data used by Copilot and ensuring appropriate use on the endpoint after using Copilot results.


 My org isn’t ready to buy E5. What should I do?

You don’t have to buy the full M365 E5 license to use the relevant features for securing Copilot. It’s very useful to leverage E5 Compliance (recommended for full protection), the part of E5 relevant to this effort. E5 Compliance is about half the cost of the move from E3->E5 licenses. I wouldn’t recommend any lower license, as you’ll miss proactive & reactive protections.


Should we delay a Copilot rollout to address security concerns?

No. It's good to prioritize remediation activities first, but all 3 categories (remediation, proactive, reactive/operational) can likely be implemented in parallel with a Copilot deployment. There's a balance between prioritizing security and ensuring users receive features quickly, and Cyclotron sees these as activities that can happen together, rather than one after the other.


How do I get Cyclotron’s help for free?

Microsoft sponsors Cyclotron to provide free readiness assessments (and in some cases, full deployments) for eligible enterprise clients. Reach out to steve.ellson@cyclotron.com for eligibility requirements and to get started.

52 views0 comments
bottom of page