As enterprises race to adopt generative and agentic AI, many are realizing that the real challenge isn't the model — it's the data. Industry reports show AI rollouts stalling because organizations struggle to build the information-risk and data-governance foundations that make AI safe, compliant, and impactful.
Gartner’s AI trust, risk, and security management (TRiSM) framework emphasizes the Information Governance (IG) layer as critical for reliable and secure AI adoption. For regulated enterprises, IG is the most urgent and actionable layer because weak information governance is emerging as the major obstacle to wider AI rollouts.
IG addresses data security posture management (DSPM) gaps in data classification and access controls – gaps that often cause overexposure of sensitive data, fragmented permissions, and accidental leakage as AI and users surface, copy, and share information.
While Gartner defines IG as foundational to TRiSM, it does not provide guidance for implementation. To operationalize TRiSM – and avoid dependence on any single platform or ecosystem – organizations should take a technology-agnostic approach to an AI-ready, enterprise-grade IG framework. That framework should deliver three core capabilities:
- Ensuring AI only accesses relevant, correctly permissioned information.
- Implementing targeted data classification to secure sensitive information and prevent overexposure.
- Involving end-users directly in governance through platform-agnostic solutions.
Setting a Foundation for AI-Ready Information Governance
Challenges around data governance may seem daunting, but progress doesn’t require an all-encompassing AI governance program from day one. The most immediate and impactful action is to implement data classification as the foundation of an AI-ready information architecture.
Classification is a core capability of the IG layer because it is required to secure information according to business purpose, sensitivity, and organizational context. Beyond addressing immediate risks of data leakage and overexposure, classification establishes the foundation of a scalable information architecture, enabling organizations to expand AI adoption and roll out future technologies, like autonomous AI agents.
Rolling out a data classification model across a large, enterprise-grade, multicloud environment is a significant effort. Still, the principles are consistent across platforms: accurate, targeted labeling; permissions aligned to classification; and policy-based enforcement that prevents AI from accessing unclassified, risky, or highly sensitive data.
Preventing Oversharing and Leakage: A Cross-Platform Strategy
In my experience deploying and working with customers across Microsoft 365, I've observed oversharing as the most common governance gap. Copilot amplifies the issue by surfacing content from OneDrive, SharePoint, and Teams, because of the platform's broad default permissions and inheritance model. Microsoft Purview sensitivity labels and policies provide the mechanism to classify content, but they are effective only when classification is applied consistently and accurately across the environment. Data Loss Prevention (DLP) policies must then act on those classifications to restrict inappropriate sharing, particularly in Copilot scenarios. Complementing Purview, Microsoft Entra ID Conditional Access should align permissions with classification so that users – and AI services – cannot access information outside their business role.
In Google Workspace, oversharing and data leakage often begin in Drive, where shared folders and the "anyone with the link" setting provide unrestricted access. Like Copilot, Google Gemini inherits these permissions, which can expose sensitive files in responses. Google's DLP rules can detect sensitive data across Gmail, Chat, and Drive, but they are effective only when appropriately scoped with Google Identity and Access Management (IAM) groups, supported by Drive Labels (metadata labels) and Custom Content Detectors that classify data by sensitivity or business purpose. These elements must work together: labels define categories, detectors find violations, and IAM groups scope the DLP policies to the data in scope.
In Amazon Web Services (AWS), oversharing risk arises when large unstructured datasets in Simple Storage Service (S3) buckets and data lakes are accessible to AI services, like SageMaker and Bedrock, without data classification or role-based access control (RBAC). IAM roles and S3 bucket policies enforce least privilege and block public or cross-account access. S3 object tagging and metadata can then classify data by sensitivity or business purpose, providing a lightweight way to align access policies with classification and prevent overexposure and data leakage. As data strategies mature, data lake services such as AWS Lake Formation can extend classification with metadata tags to larger, more complex environments and AI workloads. The same IG principle of data classification applies in Microsoft Azure, where Purview can apply labels and classifications to data in Azure Blob Storage, Synapse, and Fabric OneLake.
Data classification is foundational, but it must be selective and risk-weighted. Universal coverage – classifying everything – is neither feasible nor necessary at enterprise scale. Instead, classify the assets that AI can access and whose exposure poses risk to the enterprise, then bind those classifications to IAM and DLP controls. Three principles apply across environments:
- Risk-weighted classification. Prioritize AI-reachable data stores and high-impact domains and restrict unclassified data by default.
- Bind access and DLP to labels. Drive IAM, sharing, and DLP from classifications — if it isn’t classified, AI shouldn’t see it.
- Classify natively, then scale. Use Purview, Google DLP, or AWS tags for a baseline, then augment with DSPM solutions and owner attestation for scalability.
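The three principles above, and the AWS pattern described earlier (tag objects by sensitivity, then bind access to the tag), reduce to one deny-by-default rule that can be enforced both in the AI retrieval layer and at the storage layer. The following is an added example written for this article, not code from the article, Gartner, or any vendor: a small policy check that releases a document to an AI role only if it carries a known classification label, the label is not blocked for AI, and the role's ceiling covers it, plus the S3 bucket-policy document that expresses the same rule using AWS's `s3:ExistingObjectTag/<key>` condition key. The tiers, roles, role ceilings, bucket name, role ARN, account id, and documents are constructed sample values.

```python
"""Classification-gated retrieval for an AI assistant (added example).

Models the rule "if it isn't classified, AI shouldn't see it": deny when the
label is missing, unknown, blocked for AI, or above the requesting role's
ceiling. Tiers, roles, ceilings, documents, bucket and ARN are constructed.
"""
import json
from dataclasses import dataclass, field

# Ordered classification tiers; a higher index is more sensitive.
TIERS = ["public", "internal", "confidential", "restricted"]

# Highest label each AI role may surface (hypothetical roles).
ROLE_CEILING = {
    "ai-general-assistant": "internal",
    "ai-finance-agent": "confidential",
}

# Labels never surfaced to AI regardless of role (policy-based block).
AI_BLOCKED_LABELS = {"restricted"}


@dataclass
class Document:
    key: str                                    # object key / file path
    tags: dict = field(default_factory=dict)    # metadata tags on the object


@dataclass
class Decision:
    allowed: bool
    reason: str


def classify_check(doc: Document, role: str) -> Decision:
    """Deny-by-default check that binds AI access to the classification label."""
    label = doc.tags.get("classification")
    if label is None:
        return Decision(False, "unclassified: denied by default")
    if label not in TIERS:
        return Decision(False, f"unknown label {label!r}: denied")
    if label in AI_BLOCKED_LABELS:
        return Decision(False, f"label {label!r} is blocked for AI")
    ceiling = ROLE_CEILING.get(role)
    if ceiling is None:
        return Decision(False, f"role {role!r} has no AI access grant")
    if TIERS.index(label) > TIERS.index(ceiling):
        return Decision(False, f"{label!r} exceeds role ceiling {ceiling!r}")
    return Decision(True, f"{label!r} within role ceiling {ceiling!r}")


def filter_for_ai(docs, role):
    """Return the keys the AI may surface plus an audit trail of every decision."""
    released, audit = [], []
    for doc in docs:
        decision = classify_check(doc, role)
        audit.append((doc.key, decision.allowed, decision.reason))
        if decision.allowed:
            released.append(doc.key)
    return released, audit


def s3_bucket_policy(bucket: str, ai_role_arn: str) -> dict:
    """Same rule at the storage layer: the AI role cannot read objects that lack
    a classification tag or that carry a blocked label. Ordinary least-privilege
    grants for the role live in its IAM policy and are not repeated here."""
    resource = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Null == "true" matches objects with no classification tag at all
                "Sid": "DenyUnclassifiedToAI",
                "Effect": "Deny",
                "Principal": {"AWS": ai_role_arn},
                "Action": "s3:GetObject",
                "Resource": resource,
                "Condition": {"Null": {"s3:ExistingObjectTag/classification": "true"}},
            },
            {   # list value means "any of these labels"
                "Sid": "DenyBlockedLabelsToAI",
                "Effect": "Deny",
                "Principal": {"AWS": ai_role_arn},
                "Action": "s3:GetObject",
                "Resource": resource,
                "Condition": {"StringEquals": {
                    "s3:ExistingObjectTag/classification": sorted(AI_BLOCKED_LABELS)}},
            },
        ],
    }


# Constructed sample objects (not real data).
SAMPLE_DOCS = [
    Document("public/press-release.txt", {"classification": "public"}),
    Document("hr/handbook.pdf", {"classification": "internal"}),
    Document("finance/q3-forecast.xlsx", {"classification": "confidential"}),
    Document("legal/merger-memo.docx", {"classification": "restricted"}),
    Document("scratch/export.csv", {}),                        # never labeled
    Document("misc/notes.txt", {"classification": "secret"}),  # label outside the model
]

if __name__ == "__main__":
    for role in ROLE_CEILING:
        released, audit = filter_for_ai(SAMPLE_DOCS, role)
        print(f"{role}: releases {released}")
        for key, ok, why in audit:
            print(f"  {'ALLOW' if ok else 'DENY'} {key}: {why}")
    print(json.dumps(s3_bucket_policy(
        "example-bucket", "arn:aws:iam::111122223333:role/PLACEHOLDER-ai-retrieval-role"), indent=2))
```

Two design points worth noting. The unknown-label branch matters in practice: a label outside the agreed taxonomy (a legacy "secret" tag, a typo) is treated as unclassified rather than silently mapped to something permissive, which is what "risk-weighted, deny unclassified by default" requires. And the bucket policy only covers `s3:GetObject`; an AI pipeline that lists or copies objects through other actions needs the equivalent condition on those actions, or the gap reopens at the storage layer.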
Beyond Native Controls: Leveraging SaaS for Cross-Platform Information Governance
Native capabilities like IAM, DLP, and labeling set the foundation for AI readiness, but they rarely provide unified visibility or consistent enforcement across cloud platforms. Traditional, top-down models of governance – where IT or security teams manage labels and policies in isolation – struggle to keep pace with the collaborative nature of AI-enabled work.
As early AI adopters have discovered, fragmented DSPM and DLP tools create blind spots and alert fatigue. Gartner has noted a growing trend toward consolidating the IG layer, where SaaS-based solutions expand beyond platform-specific controls to integrate data protection for both structured and unstructured data.
The advantage of this approach lies in a unified control plane (a single pane of glass) for identifying risk, implementing policies, and pulling data owners into the process, so risk is resolved at the source instead of piling remediation tasks onto stretched security and operations teams. Breaking up organizational silos by involving data owners in IG is emerging as a core capability because it reduces alert fatigue, shortens time-to-remediate, and drives AI adoption from a stronger data foundation.
When evaluating how to extend native IG capabilities in an effort to manage risk and accelerate AI adoption, organizations should look for solutions that:
- Keep data owners in the loop, since effective classification and enforcement still require human oversight.
- Provide unified DSPM and DLP control across cloud platforms and data types, covering the entire data estate.
- Enable end-to-end remediation workflows from risk detection to policy enforcement.
- Leverage AI-native enhancements, such as natural language processing (NLP)-driven detection or agent-assisted remediation, to reduce response time.
Turning Governance Into Advantage
Native tools establish a necessary baseline, but sustainable AI governance requires unified visibility, contextual automation, and shared accountability.
As organizations advance along the TRiSM maturity curve, the IG layer will define how effectively they can scale AI. AI is only as trustworthy as the data it learns from — and information governance is where that trust begins.
