Companies have to navigate the tricky balance of minimising the risks of shadow AI while getting the most out of GenAI. The solution lies in the use of sanctioned tools that can be combined with targeted rollout measures to create a secure and efficient working environment.
Summary of the article
What are the risks of Shadow AI?
- Employees increasingly use unauthorised GenAI tools (Shadow AI), which jeopardises data protection, compliance, and corporate reputation.
- These tools store sensitive data and use it for training.
What are the reasons for careless use?
- GenAI tools are easily accessible, sometimes free, and user-friendly.
- The AI’s apparent ‘empathy’ fosters trust, even though the tools continuously collect and store data.
The solution: use authorised GenAI tools
- Companies should offer employees tested, secure tools like Microsoft 365 Copilot Chat.
- These meet data protection and compliance requirements.
Why successful GenAI implementation requires more than technology
- Technological implementation alone is not enough – change management and active support for employees are crucial.
- Awareness-raising and training promote safe use.
Discover the world of Microsoft 365 Copilot with Swisscom
We offer companies comprehensive support for all aspects of Microsoft 365 Copilot. We accompany you during the introduction and work with you to develop deployment scenarios.
The use of GenAI tools without the consent of IT departments, known as shadow AI or ‘Bring Your Own AI’ (BYOAI), endangers companies’ data security and compliance. This may damage their reputation. Unsanctioned applications do not offer sufficient protection for sensitive company and personal data.
In these scenarios, IT departments no longer have control over the data, which can lead to a variety of problems. For example, providers of unsanctioned GenAI tools may use the data to train their AI models on insecure platforms in countries with inadequate data protection regimes. The data might also be accessed by unauthorised persons.
Significant increase in shadow AI
As the use of artificial intelligence increases, so does the risk of shadow AI. According to Microsoft’s 2024 Work Trend Index, 80% of GenAI users are already using their own tools for work purposes. It’s important to understand that AI technologies are subject to the same regulations as other data processing operations, especially when it comes to personal data. This underscores the need for companies to strengthen their IT departments and ensure that they provide their employees with sanctioned offerings – i.e. GenAI tools that are secure, fall under IT governance and meet compliance requirements.
Why are we careless with GenAI tools?
Why do many employees use various GenAI tools with little apparent awareness of the risks? Factors such as targeted marketing, the unavailability of suitable tools in companies and a real lack of knowledge about data protection, compliance, artificial intelligence and more can lead to careless handling of technology, and GenAI in particular. Two other aspects also play an important role: ease of access and the impression of empathy from AI.
Easy and free access: GenAI tools are easily accessible via the web, appear to cost nothing and are extremely user-friendly – in short: they’re just plain practical. Users can fire off a question and receive a response just as fast, getting quick wins that support the daily workflow. In scenarios like this, they are focused on the efficiency gains and not on data protection. When tools are offered free of charge, users should always be aware that the data collected is part of the provider’s business model.
AI – the empathetic friend and helper: GenAI tools appear to be patient, extremely friendly and empathetic helpers looking to take the stress out of office life. The quick wins and positive user experience foster parasocial attachment and trust in GenAI tools. We often forget that these tools are continuously collecting and storing the data we give them. We can begin to feel like there are no consequences to sharing information with them – an assumption that entails considerable risks, especially in a business context.
Sanctioned GenAI tools for Swiss companies
Given the real challenges of unauthorised use of AI, tools with built-in security and compliance capabilities are key. Large language models (LLMs) under IT governance offer reliable protection within the enterprise environment and are an effective countermeasure to shadow AI. They offer high data protection standards and, if used correctly, can be monitored by IT departments or service providers to ensure internal data security and compliance policies are observed.
Microsoft has recognised this challenge and provides two solutions: Microsoft 365 Copilot Chat and Microsoft 365 Copilot (the latter offering deeper integration with company data). Both are available to business customers with a Microsoft 365 subscription (free of charge in the case of Copilot Chat), giving internal IT departments extensive control over company data and reducing the risks of shadow AI.
What is Microsoft 365 Copilot Chat?
Copilot Chat is a secure, compliant chat tool and an effective replacement for the unauthorised use of ChatGPT and the like. It allows employees to work conveniently and efficiently with GenAI without having to obtain an additional paid license. Companies enjoy the benefits of a compliant and secure chat solution without the need for further licensing. Employees can log in with their business account via their browser or the Microsoft 365 Copilot app to use Copilot Chat.
Features
In addition to text and voice prompting, Copilot Chat offers a variety of features such as image generation with Visual Creator. Users can also upload and search files with work-related content. Companies that want even deeper integration with Office products and company data, such as features for summarising Teams meetings, need the full version of Microsoft 365 Copilot as a paid add-on license and not just Microsoft 365 Copilot Chat.
What to consider when introducing GenAI tools
The benefits of Copilot Chat and Copilot, once fully deployed, are best realised when the rollout is approached as more than just a technical implementation. It’s important to bridge the gap between technological potential and actual use – in other words, change management is key. Companies can get the most out of these tools by actively guiding and supporting their employees in introducing and using them.
How to promote the use of sanctioned tools
To mitigate the risks of shadow AI and promote the use of sanctioned GenAI tools, three things are essential and form a cohesive whole:
1. A suitable tool
Applications with integrated security and compliance guidelines already reduce risks from the moment of introduction. The use of shadow AI shows that we need to re-learn and internalise proper data protection and compliance practices. Companies should see this as an opportunity to ensure their workforce is appropriately trained.
2. Active support for employees
Companies should build awareness of data security and compliance as well as provide targeted training in the practical use of GenAI tools. This is necessary to fully exploit the technological potential and to ensure that employees use GenAI profitably and responsibly.
3. Expertise
Swisscom has the highest possible degree of specialisation in Microsoft 365, achieved by successfully demonstrating practical expertise in a demanding certification process. This gives customers a real knowledge advantage when it comes to the effective rollout and secure integration of Microsoft solutions within existing workflows.
Step out of the shadows
As soon as sensitive data ends up in unsanctioned tools, its security is no longer guaranteed. There is no way to undo this. That makes it all the more important that companies give employees secure GenAI tools while also building awareness and providing training. Both Copilot Chat and Microsoft 365 Copilot are GenAI tools with integrated security and compliance settings that make them suitable for companies.