
The Provider Playbook 3: Copilot is Only as Safe as the Data Behind It


Every One of Your Customers Is Being Told to Deploy Microsoft 365 Copilot But the Data They Need to See Isn’t There

Key Takeaways:

  • When customers turn on Microsoft 365 Copilot, it surfaces files employees can technically open but were never meant to see. That isn't a Copilot flaw; it's a long-buried data-governance problem that AI suddenly makes visible, and it's why so many rollouts stall after the pilot. Gartner found 40 percent of organizations delayed three months or more over oversharing.
  • The two usual fixes both make it worse. Copying data into a separate lake creates a second copy of sensitive data to secure and doubles the attack surface, while rebuilding permissions by hand is slow and wrong the moment a folder changes. Both treat the AI layer as separate from the file system, so the permission truth has to be copied or recreated.
  • Panzura Nexus removes that separation. It connects governed CloudFS data directly to Copilot and carries each file’s existing permissions through intact, with no separate copy and no drift, so Copilot surfaces only what each user was already allowed to see. For a service provider, owning that layer turns you from infrastructure partner into hard-to-displace AI advisor.

The Provider Playbook is a 3-part series that explores how the data underneath every organization today has become a lot more complicated and valuable, why many organizations find it difficult to fix without help, and how Panzura CloudFS can be offered as a durable revenue-generating business by service providers. Read Part 1 and Part 2.

There’s a version of the AI conversation that every provider is having right now. The customer's CEO has mandated Microsoft 365 Copilot, so the customer turns it on. Within weeks someone discovers that an employee can now ask a question and get back salary figures, an unannounced acquisition, or a confidential HR file. You’ve heard the stories where Copilot surfaced a document that person could technically open but never should have seen in the first place.

The truth is, that’s not a Copilot flaw. Copilot was working just as it should. It’s actually a data-governance flaw that Copilot made visible. This is the opening for what is perhaps the highest-value service in your portfolio — if you understand what’s actually going wrong.

Copilot doesn’t decide who should see what. It honors the permissions that already exist on the files, then makes that data much easier to find. In an environment with years of accumulated shares and inherited permissions nobody has audited, that’s a problem waiting to surface.

The uncomfortable truth is that most file estates have been poorly or under-permissioned for a long time. Often decades or more. But it never mattered, because finding the wrong file required knowing it existed. Copilot removes that friction entirely. It will cheerfully retrieve anything a user is technically allowed to reach. That means every latent permission problem becomes an active exposure.

This is a big reason that Copilot rollouts stall. In a Gartner survey of IT leaders, data oversharing prompted 40% of organizations to delay their Copilot rollout by three months or more, 64% reported that information governance and security risks consumed significant time and resources during deployment, and 57% limited their rollout to low-risk or trusted users to manage the risk.

Moreover, the underlying exposure is real. An analysis by Concentric AI of more than 550 million records found that, on average, organizations have roughly 802,000 files at risk from oversharing, with about 16% of business-critical data overshared. That's the baseline state of a typical Microsoft 365 tenant before anyone turns on AI.

Table 1. The Copilot oversharing problem, by the numbers. Independent evidence that data governance — not the AI model — is what stalls Copilot deployments.

| Finding | Figure | Source |
|---|---|---|
| Organizations delaying Copilot rollout 3+ months over oversharing | 40% | Gartner survey of IT leaders (2025) |
| Reporting governance/security risk consumed significant resources | 64% | Gartner survey of IT leaders (2025) |
| Limiting rollout to low-risk or trusted users only | 57% | Gartner survey of IT leaders (2025) |
| Business-critical data that is overshared (average) | 16% | Concentric AI (550M+ records analyzed) |
| Files at risk from oversharing per organization (average) | ~802,000 | Concentric AI (550M+ records analyzed) |


Your customers feel this risk even when they can’t articulate it. That’s why so many AI initiatives stall right after the pilot. It happens when someone in security or legal wants to know what employees can see and nobody has a confident answer.

The fact is, a stalled pilot is expensive in a way that doesn’t show up in a spreadsheet. The customer has already spent the internal influence and hard work to get AI approved, set the expectation with leadership, and licensed the Microsoft 365 seats. When it stalls on a governance question no one can answer, that momentum curdles into doubt. The provider who can move an AI initiative forward is doing more than solving a technical problem. They’re also recovering their client’s credibility, which is exactly the kind of save that defines a long-term relationship.

The two common answers both make it worse

When providers and customers go looking for a fix, they usually land on one of two approaches, and both create new problems.

  • Copy everything into a separate data lake or index. As a result, they’ve got a second full copy of the most sensitive data, in a new location. It has to be secured, governed, and kept in sync, and the original permissions are rarely preserved intact. That doubles the attack surface and the cost.
  • Rebuild permissions by hand. This is slow, expensive, and wrong the moment someone changes a folder. It also represents a permanent line of manual work that drifts further from reality over time. That means it doesn’t scale, and it’s never finished.

Both approaches treat the AI layer as something separate from the file system, which means the permission “truth” has to be either copied or recreated. Get rid of that separation and the problem dissolves.

Table 2. Three ways to make file data safe for Copilot compared. How each approach handles permissions, data copies, and ongoing maintenance.

| Approach | Permissions | Data Copy | Ongoing Maintenance | Result |
|---|---|---|---|---|
| Separate data lake or index | Rarely transferred intact | Second full copy of sensitive data | Must secure and sync the copy | Doubled attack surface |
| Manual permission rebuild | Hand-recreated for AI | None but parallel permission set | Constant; drifts with every change | Slow, costly, never finished |
| Permission fidelity (Panzura Nexus) | Existing controls carried through intact | None – data stays in place | None – honors the real permissions | Copilot sees only what the user is allowed |


Permission fidelity by design

Panzura Nexus is different. It connects governed Panzura CloudFS data directly to Microsoft 365 Copilot and carries each file’s existing access controls through intact. The permissions that govern the file are the permissions that govern what Copilot can surface. Permissions are not flattened and do not need to be constructed. Perhaps most importantly, there’s no drift.

That means there’s no separate data lake to secure, because the data stays where it already lives under the original control structure. There’s no need for manually rebuilt permissions, because Nexus honors the real ones rather than a hand-made copy. Moreover, Copilot surfaces to each user only what that user was already entitled to see. The AI inherits the customer’s actual security posture instead of a degraded approximation.

For your customer, this is the difference between an AI rollout that respects their governance and one that undermines it. For a service provider’s business, it’s something equally valuable.

Why this is your wedge

Out of every service in the Panzura service provider portfolio, the AI data layer is possibly the one that most changes how the customer sees you. When you run a customer’s file platform, you’re an essential infrastructure partner. When you provide the layer that makes their AI safe and trustworthy, you become an AI advisor. That’s a different kind of altitude and relationship.

It’s also a difficult service to displace. Once the AI data foundation runs through a service provider, replacing it means putting an entire AI initiative back at risk. It’s genuinely hard for anyone to unwind.

And the timing is right. Your customers are in the exact window between a leadership mandate and a security dilemma. Panzura can help you provide real answers and lead the most important infrastructure conversation your customers are having.

The AI conversation with your customers will happen whether or not you’re at the table. Let Panzura help you start it first.

See how Panzura Nexus makes your customers’ file data safe for AI and how it fits into the Panzura service offer.

 


 

Frequently Asked Questions (FAQs)

  • Why does Microsoft 365 Copilot surface files employees should not see?

    Microsoft 365 Copilot doesn’t decide who should see what. It honors the permissions that already exist on each file, then makes that data far easier to find. In an estate with years of inherited permissions nobody has audited, that turns every old access problem into an active exposure. It's a governance flaw Copilot reveals, not a Copilot flaw.

  • Why do so many Copilot rollouts stall after the pilot?

    They stall on a governance question nobody can answer confidently: what can employees actually see? In a Gartner survey, 40 percent of organizations delayed their rollout three months or more over data oversharing, and 57 percent limited it to low-risk users. The risk feels real even when no one can name it.

  • How much company data is overshared before AI is turned on?

    More than most leaders expect. A Concentric AI analysis of over 550 million records found the average organization has roughly 802,000 files at risk from oversharing, with about 16 percent of business-critical data exposed. That is the baseline state of a typical Microsoft 365 tenant before anyone enables Copilot.

  • Why don’t a separate data lake or a manual permission rebuild fix Microsoft 365 Copilot oversharing?

    Both treat the AI layer as separate from the file system, so the permission truth has to be copied or recreated. A data lake creates a second copy of sensitive data to secure and sync, doubling the attack surface. A manual rebuild is wrong the moment a folder changes, so it drifts and is never finished.

  • What is Panzura Nexus?

    Panzura Nexus is the AI data layer that connects governed Panzura CloudFS data directly to Microsoft 365 Copilot. It carries each file's existing access controls through intact, so the permissions that govern the file are the permissions that govern what Copilot can surface. There is no separate copy to secure and no permission drift.

  • How does Panzura Nexus keep Microsoft 365 Copilot from exposing the wrong files?

    Panzura Nexus preserves permission fidelity by design. The data stays where it already lives under its original controls, and Copilot surfaces to each user only what that user was already entitled to see. The AI inherits the customer's real security posture rather than a flattened or hand-rebuilt approximation of it.

  • Why is the AI data layer such a valuable service for providers to offer?

    It changes how the customer sees you. Running the file platform makes you an infrastructure partner, but providing the layer that makes their AI safe makes you an AI advisor. It is also hard to displace, because unwinding it puts an entire AI initiative back at risk, so the relationship tends to hold.


Written by Kerry Telling

Kerry Telling serves as the Vice President of International Sales. As an experienced and highly motivated sales leader, he has a proven track record of achieving sales targets and driving success in both enterprise and start-up business ...
