Your Data is a Mess and AI Knows It
Here’s a number that should worry you: less than 30% of South African businesses have a formal data governance policy. Not a sophisticated one. Any policy at all.
Now think about what’s happening right now across your Microsoft stack. Copilot is reading your SharePoint. AI agents in Dynamics 365 are processing purchase orders based on your product master. Azure AI services are pulling data from systems your IT team may have forgotten exist. Every one of these tools trusts your data. The question is whether your data deserves that trust.
The problem nobody wants to talk about
Most organisations didn’t build their data estates with AI in mind. They built them to get through the quarter. Customer records got duplicated during a CRM migration five years ago and nobody cleaned them up. Product catalogues have three versions — the ERP version, the spreadsheet the sales team maintains, and the one procurement actually uses. Shared drives are full of documents with confidential data sitting in folders with no access controls.
When a human works with this data, they learn the workarounds. They know that customer code BT-4421 and BT-4421a are the same client. They know not to trust the inventory count in warehouse 3 because someone always forgets to scan returns. They work around the mess because they’ve been living in it for years.
AI doesn’t do workarounds. AI takes your data at face value. If your CRM says a customer has two accounts, Copilot will treat them as two customers. If your product catalogue has inconsistent pricing, an autonomous agent in Business Central will process orders against whichever record it hits first. If your Azure storage has unclassified sensitive data sitting in a blob container with overly broad permissions, AI tools will happily surface that data to anyone with Copilot access.
AI doesn’t fix bad data. It amplifies it. At speed.
The security angle nobody’s connecting
Here’s where it gets worse. The same data gaps that trip up your AI tools are the gaps that criminals exploit.
Arctic Wolf’s threat intelligence team sees this pattern repeatedly in South African incidents. An organisation has ungoverned data scattered across legacy systems, shared drives, and cloud storage. Access controls are inconsistent — some containers are locked down, others are wide open because someone needed quick access two years ago and nobody revoked it. Sensitive data — customer PII, financial records, employee information — sits in locations that aren’t monitored.
An attacker doesn’t need to breach your most secure system. They need to find the one system you forgot about. The legacy file share with Domain Users read access. The Azure storage account with a SAS token that never expired. The SharePoint site that was “temporary” three years ago and still has the entire finance team’s quarterly reports.
When you add AI to this environment, you’re giving a powerful tool access to a data estate that was already a liability. Copilot doesn’t know that the HR spreadsheet in that shared drive was never supposed to be accessible to marketing. It just indexes it and surfaces it when someone asks a relevant question.
Three things to do before you hand AI the keys
1. Map what you actually have. Before deploying any AI tool, you need to know where your data lives, who has access, and what’s in it. Not what your documentation says. What’s actually there. Microsoft Purview can help with data classification and discovery. If you’re not using it, start. If you are, check when you last reviewed the results.
2. Clean before you automate. Duplicate customer records, stale product catalogues, inconsistent pricing rules — fix them now. An AI agent processing 100 purchase orders a day on dirty data will create more problems in a week than your team creates in a quarter. Craig Fidler has seen this in every Dynamics 365 environment Braintree touches: the organisations that get the most from AI are the ones that did the boring data hygiene work first.
3. Treat governance as a security control. Data governance isn’t a compliance checkbox. It’s attack surface management. Every ungoverned data source is a potential exposure point. Every file with overly broad permissions is a target. Arctic Wolf’s approach ties security operations to data visibility — you can’t protect what you can’t see, and you can’t see what you haven’t classified.
The bottom line
South Africa is adopting AI faster than most African markets. Microsoft Copilot is in production across retail, banking, manufacturing, and public sector organisations. Dynamics 365 is shipping autonomous agents that make decisions without human input. This is happening whether your data is ready or not.
The organisations that get value from AI will be the ones that did the groundwork: classified their data, cleaned their master records, locked down access, and built governance that scales. The ones that don’t will automate their existing problems, expose sensitive data through AI tools, and wonder why the technology isn’t delivering what Microsoft promised.
AI found the skeletons in your data cupboard. So did the hackers. The question is what you do about it before both of them get comfortable.
Braintree’s security and Dynamics 365 teams work together on exactly this problem. If you want a data governance and security readiness assessment before your next AI deployment, get in touch.
