If you’re spending more on cybersecurity, you’ve got plenty of company. Gartner forecasts that global security and risk management spending will grow by 14.3% by 2024, to a total of $215 billion. Four trends are driving the increase, according to Gartner, including three that are likely to sound familiar: cloud, continuous hybrid workforce, and the evolving regulatory environment. But there’s a relatively new trend on that list too: generative AI.

Wait: Isn’t generative AI supposed to be an asset, not a liability? Companies talk about using AI to boost cybersecurity, but they’re also worried that doing so might inadvertently expand the footprint of risk that they must address. So, which is it? Does generative AI complicate your security challenge, or help you to address it?

The answer is: “both.”
Whatever your use of generative AI – such as an online consultant, customer service chatbot, or software developer – ensuring it is secure and meets your privacy and compliance regulations is crucial to using it successfully. Once you’ve made progress on that dimension, you can explore how to use generative AI to improve your broader cybersecurity and build cyber-resilience. In this way, generative AI can become your new secret sauce in keeping up with hackers and evolving cyberthreats.

Securing your generative AI and using it to improve security doesn’t have to involve a major investment. You likely already have many of the licenses you need in your existing Microsoft enterprise agreement.

You may not realize it, but many of the security tools you use from Microsoft today, such as Microsoft 365 Defender and Microsoft Sentinel, already use machine learning and AI to help you detect and respond to attacks and risks in your environment. In some cases, they do so automatically, without requiring human interaction. Now Microsoft is taking this one step further with Security Copilot, the first generative AI security assistant on the market.

Securing generative AI
Securing your generative AI is vital to building trustworthy AI that your organization can rely on. A good way to start building that trust is to identify the key risks and threats, as well as the value of the data being used by generative AI on behalf of your organization and its users. And you’ve got plenty of risks to choose from, including risks to input data, output data, PII, algorithms, models, and human factors. You also need to secure your use of third-party systems such as ChatGPT, for example, addressing prompts that can inadvertently expose users’ confidential information. That’s a new, AI twist to the longstanding concern about exposing customer data. An important way to understand your specific risks is by conducting NIST and generative AI risk assessments, which Avanade undertakes for a growing number of organizations.

A second aspect of securing your generative AI is implementing data loss prevention (DLP) strategies. You need to understand the data flows and data environments across your systems to identify and address potential weaknesses. Generative AI’s access to data has to be strictly limited to authorized uses by authenticated software – another AI spin on the longstanding need to restrict software and human data access.

Helpful tools and techniques include access controls, policies and permissions managed via Microsoft Purview, and identity management via Active Directory. Avanade has long helped clients to implement Secure by Design principles that bake security into their technologies, as well as DevSecOps thinking that spotlights security needs through all stages of development, testing and deployment. We also support organizations in securing their use of AI copilots.

Using generative AI to improve security
With your generative AI secured, you can use it to supercharge your defenses against the rising tide of hackers, preventing a larger share of attacks and stopping attacks faster. For example, Avanade’s Microsoft Security Copilot initiative uses Microsoft’s generative AI Security Assistant to help detect threats, manage incidents, and improve your security posture. It can even help you address cyber-skills shortages. Avanade is one of only five Microsoft partners on the Design Advisory Council, helping to shape Security Copilot and one of the first organizations to also implement it internally.

Generative AI holds the potential to deliver tremendous business value because there are so many use cases in which it can speed and strengthen your operational security. The extensive list includes incident response, threat hunting, security reporting, compliance and fraud, cybersecurity training, simulated attack automation, security virtual agents and chatbot advisors, and user behavior analysis.

Harness generative AI securely, with confidence – and with Avanade
You can rely on Avanade’s expertise in generative AI to make your adoption of this revolutionary technology safe, effective, and a driver of tremendous business value. We have more than 4,000 data and AI specialists covering engineering, data science, and AI solutions. We have in-depth expertise with OpenAI and Azure OpenAI Service. We’re the only company to have won the Microsoft Alliance Partner of the Year 17 times. And we work in close collaboration with our alliance partners Accenture and Microsoft.

Our easy-to-consume starter pack initiates your journey into generative AI quickly, leveraging repeatable frameworks to accelerate time to value. Begin with a 2-hour session to learn what generative AI security can mean for your company.

Ready to start – or just want to learn more? For a Security Copilot readiness assessment, visit us here.