The GenAI Knowledge Security Platform

Purview helps with sensitivity classification, particularly around PII, but it doesn’t cover sensitive topics that are important to the business, for example, compensation information, M&A, legal disputes, etc.

In addition, Purview works primarily through fixed pattern matching. As such, Purview frequently flags content that is not actually sensitive. This fixed pattern matching approach will not be able to discover these sensitive business topics.

This does not replace Purview. You should continue to use Purview for data discovery and sensitivity classification. The data discovery process using Purview (and other similar data discovery tools) can take months to complete for a full scan of a large enterprise’s entire file system.

Knostic’ Copilot Readiness Assessment takes a broad approach with prompts built on a corpus of sensitive business topics for specific user profiles. This approach can accelerate the discovery of sensitive business
content, uncovering 80% of the high priority findings in less than 20% of the time.

Knostic’s Copilot Readiness Assessment is more about preemptive data discovery rather than real-time data loss prevention. Through this assessment, clients can map out where their sensitive business content exists and where it might be overshared.

By addressing the oversharing problem, Knostic can minimise the risk of future data loss and oversharing.

A Readiness Assessment is a good first step towards implementing a data classification program.

We also support Glean and will be adding more Enterprise AI tools soon.

The client would need to be using Microsoft 365 and have a minimal number of Copilot licences active for testing, but does not need to have active Copilot licences for Microsoft 365 deployed to users. They don’t even need to have plans to deploy it. In other words, even if they are not intending to use Copilot, this approach can still help accelerate the discovery of sensitive content within Microsoft 365 itself.

The organization does not need to determine the topics before starting an assessment. Often, they won't know them in advance, and waiting to identify the topics to be scanned will unnecessarily prolong the process. Once they start seeing results, they can return with specific topics they want to explore in more depth.

We recommend leveraging the intended rollout plans for Copilot. The groups your organization plans to roll out Copilot to next should determine which profiles to scan first.

The enterprise does not need to have any defined roles to get started. The program owners often feel like they are not ready because they don’t have a robust Identity and Access Management program or fall short in defining roles. If they have Department level delineation of users, that’s sufficient to define a profile. Even if they don’t have that, we begin the assessment with a user profile that has no permissions at all, which is trivially easy to establish.

Customers can choose no data retention or to retain data for a limited time for greater visibility and insights. Data (answers to queries) is processed (in transit) then deleted according to the policy set by the customer. We can provide a data processing agreement (DPA) and a list of subprocessors on request. All processing is per client in an isolated silo, i.e. it is not multitennant.