Securing Your Company’s Data, Devices and Infrastructure for Copilot Success
In a recent webinar, Jason Floyd, Chief Security Officer at Ascent Solutions and former U.S. Marine Corps cyber warfare instructor, delivered a comprehensive framework for securing organizations in the age of AI. Floyd’s background in both offensive and defensive cyber warfare from his Marine Corps service, combined with his enterprise security expertise, provides a unique perspective on the security challenges AI presents.
His message: AI represents the most transformative technology since cloud computing—arguably since ever—and businesses are integrating it whether security teams are ready or not.
His approach: Like a race car, the key to secure AI adoption is not about slowing down—it’s about implementing the right safety features to go faster, safely.
The Current State of AI: A Paradigm Shift, Not Just Another Tool
The reality is stark: businesses are integrating AI regardless of security readiness because it’s necessary for business transformation, which drives IT transformation and, subsequently, security transformation.
“AI is the most transformative technology that we’ve seen since cloud computing, maybe arguably since ever.”
Perhaps most concerning is that attackers are already leveraging AI capabilities. Floyd highlighted how traditional phishing detection methods—looking for misspellings and bad grammar—are now obsolete because large language models generate flawless emails with proper grammar. This creates an asymmetric threat landscape where defenders must adopt AI capabilities just to maintain parity with attackers.
The Formula One Analogy: Speed Requires Better Safety Features
Floyd uses the analogy of a Formula One race car to illustrate his philosophy: organizations shouldn’t slow down their AI adoption, but they need proper safety features before unleashing full speed. Just as performance cars require high-quality brakes to go faster safely, AI implementations need robust security controls to enable business velocity.
“If you want a car to go really fast, the first thing that you’re going to do is buy performance-grade brakes, because you’re not going to go really fast if you can’t slow down.”
The safety features—when implemented correctly—actually enable the business to go faster, not slower.
The Three Pillars of AI Security
Floyd’s framework centers on three critical pillars that serve as the essential safety features for AI deployment: Inventory, Identity Protection, and Data Protection. These aren’t new concepts—they’re foundational cybersecurity principles that become critically important in an AI context.
Pillar 1: Inventory – The Foundation You Can’t Skip
Inventory has been a cybersecurity staple for decades, referenced in frameworks like CIS Controls 1 and 2 (hardware and software inventory). The principle remains unchanged: you can’t protect what you don’t know exists. However, AI has created new challenges that make inventory even more critical.
The Shadow AI Problem
Floyd draws parallels to the shadow IT phenomenon that emerged with SaaS adoption. Just as marketing and sales teams could bypass IT to purchase SaaS solutions and ask for integration later, AI capabilities are now being embedded into existing SaaS platforms without explicit consent or oversight.
“All of those SaaS vendors have AI capabilities, are integrating AI models, and we’re having all of those systems and applications leverage AI, whether we like it or not or whether we consent or not.”
This happens because vendors must integrate AI for competitive advantage, just as organizations must adopt AI for their own competitive positioning.
Getting Granular with AI Inventory
Traditional high-level categorizations like “AI/ML” are insufficient. Organizations need to identify specific APIs, applications, URLs, and URIs to create actionable inventory. This granular approach enables precise control and protection measures. Microsoft provides excellent capabilities for this through:
- Microsoft Defender for Cloud Applications: Comprehensive cloud app discovery and monitoring
- Microsoft Intune: Device and application management
- Azure AD (Entra ID): Conditional access policies and authentication monitoring
These tools create a control framework that’s already built into the Microsoft enterprise platform, making legitimate AI inventory achievable without additional infrastructure investments.
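The difference between a category-level label and a granular inventory can be shown on a handful of egress log lines. The following is an added example, not code from the webinar or from any Microsoft product: the log format, the hostnames (all under the reserved `.example` TLD) and the endpoint catalogue are constructed assumptions. It attributes traffic to specific API paths, including an AI feature embedded in a SaaS application that a host-level category would not flag.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalogue: (host, path prefix) -> specific AI API or feature.
# Hosts are hypothetical and use the reserved .example TLD.
AI_ENDPOINTS = {
    ("api.llm-vendor.example", "/v1/chat"): "LLM vendor chat API",
    ("api.llm-vendor.example", "/v1/files"): "LLM vendor file upload API",
    ("crm.saas.example", "/assistant"): "CRM embedded AI assistant",
}

# Constructed egress log: timestamp, user, method, URL, bytes sent.
SAMPLE_LOG = """\
2025-01-07T09:12:01Z alice POST https://api.llm-vendor.example/v1/chat/completions 1840
2025-01-07T09:12:44Z alice POST https://api.llm-vendor.example/v1/files 5242880
2025-01-07T09:13:10Z bob GET https://crm.saas.example/accounts/42 0
2025-01-07T09:14:02Z bob POST https://crm.saas.example/assistant/summarize 9120
2025-01-07T09:15:30Z carol POST https://API.llm-vendor.example:443/v1/chat/completions 770
truncated-line alice
"""


def classify(url):
    """Return the (host, prefix) catalogue key a URL belongs to, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # .hostname drops the port
    for (known_host, prefix) in AI_ENDPOINTS:
        on_prefix = parts.path == prefix or parts.path.startswith(prefix + "/")
        if host == known_host and on_prefix:
            return (known_host, prefix)
    return None


def build_inventory(log_text):
    """Aggregate users, request count and bytes sent per AI endpoint."""
    inventory = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0})
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        _ts, user, _method, url, sent = fields
        key = classify(url)
        if key is None:
            continue  # not a catalogued AI endpoint
        entry = inventory[key]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes_out"] += int(sent)
    return dict(inventory), skipped


if __name__ == "__main__":
    inv, skipped = build_inventory(SAMPLE_LOG)
    for key, e in sorted(inv.items()):
        print(AI_ENDPOINTS[key], "".join(key), sorted(e["users"]), e["requests"], e["bytes_out"])
    print("skipped lines:", skipped)
```

The per-endpoint byte counts separate a short chat request from a multi-megabyte file upload, which is the detail a data protection review would ask for next.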
Pillar 2: Identity Protection – The Primary Control Point
While most organizations focus immediately on data protection, Floyd argues that identity protection is the chronological prerequisite. You cannot effectively control data without first securing identity, and AI implementations heavily rely on single sign-on (SSO) and OAuth capabilities integrated with identity providers (IDPs).
Why Identity Comes First
Identity protection serves as the primary control mechanism because AI tools like Copilot inherit existing user permissions. While this might initially sound frustrating to some, Floyd views it as a well-designed security control—but only if the underlying permissions are already properly managed. This inheritance model requires that organizations have:
- Hygienic permission structures
- Proper privilege management
- Effective role-based access control (RBAC)
- Comprehensive lifecycle management (joiner-mover-leaver processes)
Maturity Model Requirements
Floyd advocates for identity protection maturity at the “managed” level—fully automated processes rather than manual, script-based approaches. Organizations don’t need to be perfect (optimized level), but they must be fast enough to keep pace with AI initiatives.
“If this is not fast, all you’re going to end up doing is putting a governor on the Formula One car. And that’s not what the business needs.”
The identity infrastructure must be capable of supporting AI initiatives at business speed.
Microsoft’s Identity Advantage
Microsoft provides robust capabilities in this space through:
- Strong single sign-on capabilities: Arguably the market leader
- Entra ID Governance: Enables organizations that previously considered automated lifecycle management “a bridge too far” to implement it relatively quickly
- Native IDP integration: Leverages existing infrastructure investments
Floyd notes that many organizations previously thought automated identity governance was only for the largest enterprises, but AI adoption has made it necessary for organizations of all sizes.
Pillar 3: Data Protection – The Long-Overdue Priority
Data protection is the pillar that generates the most concern among security leaders and dominates security conference discussions. However, Floyd emphasizes that while it may carry the highest risk, it may not be the first order of business chronologically.
The Historical Challenge
Organizations have long needed data protection capabilities like data loss prevention (DLP), data classification, and data retention, but implementation was often delayed due to business concerns:
- “I understand we can do data classification, but I don’t want to ask everyone to label every document”
- “I understand we should do DLP, but I don’t want important emails getting blocked”
Floyd acknowledges these were legitimate risk decisions in the past, but emphasizes that the AI economy has made these arguments moot. The speed and capability requirements of AI have elevated data protection from optional to mandatory.
The Maturity Gap
If identity protection typically operates at a 2.5-3 maturity level, Floyd estimates data protection is even less mature, often at level 2 or 1.5 for most organizations. Like identity protection, data protection needs to reach level 4 (managed) to support AI initiatives effectively. The required capabilities include:
- Data Loss Prevention (DLP): Automated prevention of sensitive data exposure
- Data Classification: Systematic categorization of data based on sensitivity and business impact
- Data Retention: Automated lifecycle management of data based on business and compliance requirements
Microsoft Purview: The Comprehensive Solution
Microsoft Purview provides integrated data protection capabilities that span the entire business ecosystem:
- Comprehensive DLP: Loss prevention across all Microsoft services
- Advanced Classification: AI-powered data categorization
- Microsoft Defender for Office 365: Email and collaboration protection
- Integrated Architecture: Seamless integration across Teams, SharePoint, Exchange, and other Microsoft services
Security Use of AI: Copilot for Security Teams
Beyond securing AI implementations, Floyd addresses how security teams can leverage AI for their own operations through Microsoft Copilot for Security. His analysis reveals nuanced insights about AI’s role in security operations.
Realistic Expectations: Leveling Up, Not Transformation
Floyd dispels two common misconceptions about AI in security:
- AI will replace security jobs: Not accurate for properly implemented AI tools
- AI isn’t ready yet: Oversimplified view that ignores current capabilities
The reality is more nuanced. AI provides fantastic capabilities for users at all skill levels—beginner, intermediate, and advanced—but it doesn’t transform beginners into experts overnight.
“We’re not going straight from driver’s ed to Formula One. That’s not going to happen.”
Beginners don’t know advanced questions to ask, and even if provided with advanced queries, they lack the business and risk context to interpret results effectively. Instead, AI enables each skill level to level up:
- Beginners can become intermediate: Guided investigation and structured approaches
- Intermediate can become advanced: Automated routine tasks, focus on complex analysis
- Advanced can become expert: Enhanced capabilities, strategic focus
The Automation Philosophy
Floyd shared advice from a colleague that guides AI implementation:
“I try to automate all the things that I don’t like to do on a regular basis.”
This approach allows security professionals to focus on high-value tasks while AI handles repetitive, manual work. For example, SOC analysts can focus more on threat hunting and less on triage, as AI handles routine investigation steps and data gathering.
The Tool vs. The Individual
Drawing from his military background, Floyd emphasizes that capability comes from the individual, not the tool:
“A Marine rifleman, very capable, a Marine tanker, very capable, a Marine pilot, very capable. The constant is the individual. It’s not the tool.”
This perspective reinforces that AI enhances human capability rather than replacing it. Better tools make capable individuals more effective, but the human element remains central to success.
Bringing Theory to Practice: Real-World Copilot Examples
While the three-pillar framework provides the strategic foundation, Floyd’s team has developed practical applications that demonstrate how Copilot for Security transforms daily operations. These aren’t theoretical use cases—they’re proven queries and workflows that deliver immediate value across different skill levels and security functions.
Transforming Inventory Management from Manual to Strategic
Traditional inventory management consumes significant manual effort, particularly in endpoint management. Floyd’s team has automated these routine tasks, freeing analysts to focus on strategic risk assessment rather than data gathering.
- From Manual Reports to Instant Insights: Instead of spending hours pulling device reports from multiple consoles, analysts can ask Copilot: “Provide me a manufacturer and model breakdown of all Windows devices.” This single query leverages Intune integration to deliver comprehensive endpoint visibility instantly.
- Proactive Compliance Monitoring: Rather than waiting for compliance reports, teams can query for non-compliant devices on-demand, enabling immediate remediation actions. This shifts the team from reactive compliance checking to proactive risk management.
- Strategic Risk Focus: Perhaps most valuably, analysts can ask high-level questions like “What should I be looking into?” and “What are my top risks?” These queries help teams prioritize efforts based on actual risk rather than the loudest alert or most recent incident.
Streamlining Identity Investigations Across Skill Levels
Identity-related incidents often require complex investigation workflows that can overwhelm junior analysts while consuming valuable time from senior team members. Floyd’s approach creates structured, repeatable processes that scale expertise across the team.
- Democratizing Advanced Techniques: Variable-based queries allow analysts to input specific user information and receive customized investigation workflows. This means junior analysts can execute sophisticated investigation techniques typically reserved for senior team members.
- Accelerating Common SOC Workflows: Every SOC analyst knows the routine—when an alert fires, the first questions involve sign-in patterns, MFA status, and authentication failures. Copilot automates these pivots, allowing analysts to move from alert to actionable intelligence in minutes rather than hours.
- Building the Complete Attack Picture: The real power emerges when connecting identity events to broader attack chains. If an analyst discovers suspicious sign-in activity, they can immediately pivot to ask: “Were they targeted with any phishing emails?” This creates a natural flow from identity investigation through the entire kill chain, turning fragmented data points into coherent threat narratives.
- Scaling Expertise Through Playbooks: For organizations with mixed-skill security teams, these structured investigation flows serve as interactive training. Junior analysts receive step-by-step guidance while learning advanced investigation techniques organically through daily work.
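The first-pivot questions named above (sign-in patterns, MFA status, authentication failures) can be written down as a repeatable check. The following is an added example, not a Copilot for Security query or anything shown in the webinar: the sign-in records are constructed and their field names are illustrative assumptions rather than a product schema. It summarizes one user's sign-ins and flags a success that follows a burst of failures from the same IP address.

```python
from datetime import datetime, timedelta

# Constructed sign-in records; field names are illustrative, not a product schema.
_FIELDS = ("time", "user", "ip", "country", "success", "mfa")
_ROWS = [
    ("2025-01-07T08:00:00", "alice@corp.example", "198.51.100.7", "US", True, True),
    ("2025-01-07T09:00:00", "bob@corp.example", "198.51.100.9", "US", False, False),
    ("2025-01-07T09:01:00", "bob@corp.example", "198.51.100.9", "US", True, True),
    ("2025-01-07T13:01:00", "alice@corp.example", "203.0.113.50", "NL", False, False),
    ("2025-01-07T13:01:20", "alice@corp.example", "203.0.113.50", "NL", False, False),
    ("2025-01-07T13:02:05", "alice@corp.example", "203.0.113.50", "NL", False, False),
    ("2025-01-07T13:03:10", "alice@corp.example", "203.0.113.50", "NL", True, False),
]
SIGNINS = [dict(zip(_FIELDS, row)) for row in _ROWS]


def triage(user, records, burst=3, window=timedelta(minutes=10)):
    """Answer the first-pivot questions for one user's sign-in history."""
    rows = sorted((r for r in records if r["user"] == user), key=lambda r: r["time"])
    failures = [r for r in rows if not r["success"]]
    successes = [r for r in rows if r["success"]]

    # A success preceded by >= `burst` failures from the same IP inside
    # `window` is consistent with password guessing that eventually worked.
    after_burst = []
    for ok in successes:
        t_ok = datetime.fromisoformat(ok["time"])
        recent = [
            f for f in failures
            if f["ip"] == ok["ip"]
            and timedelta(0) <= t_ok - datetime.fromisoformat(f["time"]) <= window
        ]
        if len(recent) >= burst:
            after_burst.append(ok["time"])

    return {
        "sign_ins": len(rows),
        "failures": len(failures),
        "source_ips": sorted({r["ip"] for r in rows}),
        "countries": sorted({r["country"] for r in rows}),
        "success_without_mfa": [r["time"] for r in successes if not r["mfa"]],
        "success_after_failure_burst": after_burst,
    }


if __name__ == "__main__":
    for name in ("alice@corp.example", "bob@corp.example"):
        print(name, triage(name, SIGNINS))
```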
Solving the Daily Prioritization Challenge
Data protection generates the most alerts and often creates the greatest anxiety for security teams. Floyd’s team has found that the most valuable Copilot applications address the fundamental question that every analyst faces: where should I focus my limited time and attention?
- The Question Everyone Wants to Ask: Floyd highlights a query that came from a junior analyst but resonates across all experience levels: “What is the one activity I should prioritize today?” This seemingly simple question addresses a universal challenge—how to navigate competing priorities and focus on activities that truly reduce organizational risk.
- Beyond Alert Fatigue: Rather than simply responding to the loudest alert, Copilot provides risk-based prioritization that considers business context, threat landscape, and organizational vulnerabilities. This transforms reactive security operations into strategic risk management.
- Empowering Honest Questions: Junior analysts particularly benefit from AI-powered guidance because it answers questions they might hesitate to ask supervisors. This removes barriers to effective investigation and accelerates skill development across the team.
The Value Question
Floyd highlights query #6 as particularly valuable because it addresses a fundamental need across all skill levels: prioritization. Even experienced analysts benefit from AI-powered risk assessment that helps focus daily activities on the highest-impact areas.
The Critical Distinction: Two Sides of the AI Security Coin
Floyd observes a common source of confusion that can derail security strategies. Teams often conflate two fundamentally different challenges, leading to incomplete solutions that create vulnerabilities rather than eliminating them.
- Securing AI: Protecting AI infrastructure through inventory, identity, and data controls—the three pillars framework.
- Using AI for Security: Empowering defenders with AI tools like Copilot to detect threats faster, respond more effectively, and scale security operations.
Why Both Dimensions Matter
These aren’t competing priorities—they’re complementary requirements that reinforce each other. Organizations that secure their AI infrastructure create the trust and control necessary to fully leverage AI for security operations. Conversely, teams that use AI for security develop the expertise and processes needed to secure AI implementations effectively.
The failure to address both dimensions creates dangerous blind spots. Securing AI without using AI for security leaves teams fighting AI-powered attacks with traditional tools. Using AI for security without securing AI infrastructure exposes the organization to new attack vectors that negate the defensive benefits.
The Competitive Imperative
Floyd’s framework isn’t just about security—it’s about maintaining competitive advantage in an AI-driven economy. Organizations that implement robust AI security foundations can:
- Move faster than competitors who are still working through security concerns
- Attract and retain talent by providing modern, AI-enhanced work environments
- Reduce security overhead through automation and improved efficiency
- Scale operations without proportional increases in security staffing
- Maintain customer trust through demonstrated security competence
The Path Forward
AI adoption is not optional—it’s a competitive necessity. Attackers are already leveraging AI capabilities, and organizations that delay adoption risk falling behind both in security posture and business capability. Floyd’s three-pillar framework provides a practical roadmap for secure AI adoption:
- Start with Inventory: You can’t secure what you can’t see
- Strengthen Identity: Your primary control point for AI tools
- Automate Data Protection: Scale protection to match AI speed
The goal isn’t perfection before deployment—it’s achieving “managed” maturity levels that can support AI initiatives at business speed. Organizations that implement these foundations can confidently embrace AI as a competitive advantage rather than a security risk.
“Inventory isn’t optional. Identity can’t be manual. And your data needs automated protection at AI scale.”
The organizations that understand this distinction—and act on it—will be the ones that thrive in the AI economy. For security leaders ready to begin this journey, Floyd recommends starting with honest assessment across all three pillars, followed by systematic implementation of Microsoft’s integrated security platform.
The tools and capabilities exist today; the question is whether organizations will move quickly enough to capitalize on the AI opportunity while maintaining security excellence. In other words, the Formula One car is ready. It’s time to install the performance brakes and win the race.