Skip to content
WWT LogoWWT Logo Text (Dark)WWT Logo Text (Light)
The ATC
Ctrl K
Ctrl K
Log in
What we do
Our capabilities
AI & DataAutomationCloudConsulting & EngineeringData CenterDigitalImplementation ServicesIT Spend OptimizationLab HostingMobilityNetworkingSecurityStrategic ResourcingSupply Chain & Integration
Industries
EnergyFinancial ServicesGlobal Service ProviderHealthcareLife SciencesManufacturingMedia & GamingPublic SectorRetailSports & EntertainmentUtilities
Learn from us
Hands on
AI Proving GroundCyber RangeLabs & Learning
Insights
ArticlesBlogCase StudiesPodcastsResearchWWT Presents
Come together
CommunitiesEvents
Who we are
Our organization
About UsOur LeadershipSponsorshipsLocationsSustainabilityNewsroom
Join the team
All CareersCareers in AmericaAsia Pacific CareersEMEA CareersInternship Program
Our partners
Strategic partners
CiscoDell TechnologiesHewlett Packard EnterpriseNetAppF5IntelNVIDIAMicrosoftPalo Alto NetworksAWSGoogle CloudVMware
What we do
Our capabilities
AI & DataAutomationCloudConsulting & EngineeringData CenterDigitalImplementation ServicesIT Spend OptimizationLab HostingMobilityNetworkingSecurityStrategic ResourcingSupply Chain & Integration
Industries
EnergyFinancial ServicesGlobal Service ProviderHealthcareLife SciencesManufacturingMedia & GamingPublic SectorRetailSports & EntertainmentUtilities
Learn from us
Hands on
AI Proving GroundCyber RangeLabs & Learning
Insights
ArticlesBlogCase StudiesPodcastsResearchWWT Presents
Come together
CommunitiesEvents
Who we are
Our organization
About UsOur LeadershipSponsorshipsLocationsSustainabilityNewsroom
Join the team
All CareersCareers in AmericaAsia Pacific CareersEMEA CareersInternship Program
Our partners
Strategic partners
CiscoDell TechnologiesHewlett Packard EnterpriseNetAppF5IntelNVIDIAMicrosoftPalo Alto NetworksAWSGoogle CloudVMware
The ATC
Microsoft Defender for Cloud AppsMicrosoft Generative AIMicrosoft
Video
•
8:12
•

June 30, 2026

Beyond the Default: The Shadow AI & Insider-Risk Problem

This insightful video explores the intertwined organizational challenges of Shadow AI and insider risk. It clearly explains how unsanctioned generative AI use can easily lead to accidental corporate data leaks. To successfully combat this growing problem, the presentation introduces a proactive framework of Discover, Govern, and Protect, utilizing powerful Microsoft tools like Purview to secure environments beyond standard default policies.

This comprehensive presentation provides an in-depth look at the growing security challenges surrounding Shadow AI and insider risk, emphasizing why standard, out-of-the-box security policies are no longer sufficient to protect sensitive corporate data.

The Limitations of Default Policies

While default security settings, such as one-click Data Loss Prevention (DLP) and audit-only modes in Microsoft Purview, provide a necessary baseline, they are only the starting point. Relying solely on these reactive measures leaves organizations vulnerable. The presentation advocates for transitioning to a proactive, customized security posture using advanced Microsoft tools like Defender for Cloud Apps and Endpoint DLP.

The Intersecting Threats

The core of the issue lies in the convergence of two distinct but related risks:

Shadow AI: This is the modern evolution of Shadow IT. It occurs when employees use unsanctioned third-party generative AI tools to complete their work. When data is pasted into these external prompts, it leaves the corporate tenant and enters environments that lack enterprise-grade confidentiality and processing agreements.

Insider Risk: Crucially, this risk is rarely malicious. Data leaks typically happen because well-intentioned employees are rushing to meet deadlines or seeking efficiencies, unintentionally exposing regulated material, source code, or customer data through these unapproved channels.

The Business Impact

When sensitive data leaves the corporate boundary, organizations lose control over data residency, retention, and governance. It introduces significant legal and compliance exposure, particularly regarding financial or personal records. Furthermore, the presentation warns against the instinct to simply "hard-block" all unsanctioned applications; strict prohibition often pushes user behavior further underground onto personal devices, creating complete visibility blind spots for security teams.

The Solution: Discover, Govern, Protect

To effectively combat these risks without hindering productivity, organizations must adopt a deliberate, three-stage framework:

Discover: Actively monitor and understand which unsanctioned AI applications employees are using and the volume of data being shared to eliminate blind spots.

Govern: Utilize the insights from the discovery phase to define targeted, adaptive policies that regulate interactions with third-party AI tools.

Protect: Enforce these policies using comprehensive audit logging, real-time alerting, and automated protections across the endpoint and cloud app environments to ensure sensitive data remains strictly controlled.

The session concludes by setting the stage for a practical, hands-on demonstration of how to operationalize this framework to surface and mitigate the Shadow AI problem.

Technologies

Featured speaker

Matthew Raida

WWT

LEad, ASD Cyber

Contributors

Matt Raida
Team Lead, ATC Delivery
WWT
  • About
  • Careers
  • Locations
  • Help Center
  • Sustainability
  • Blog
  • News
  • Press Kit
  • Contact Us
© 2026 World Wide Technology. All Rights Reserved
  • Privacy Policy
  • Acceptable Use Policy
  • Information Security
  • Supplier Management
  • Quality
  • Accessibility
  • Cookies