Culligan Securely Scales Copilot Adoption While Reducing AI Data Exposure by 80%

Industry
Water Treatment Products & Service
Region
Global
Company Size
Size
14,000+

Challenge: Copilot Exposed a Long-Standing Oversharing Problem

Culligan, a global leader in water treatment and delivery services , has grown rapidly through acquisitions. With each new acquisition came another layer of unstructured data─adding to a tangled web of document shares, outdated permissions, and inconsistent governance.

The initial test of Microsoft Copilot seemed promising─until users began surfacing sensitive documents they shouldn’t have had access to. “Although people were using it for the right reasons,” Amir recalled, “some were just curious─testing what else they could find.”

That curiosity uncovered a larger problem: a lack of governance and visibility across SharePoint and Microsoft 365. Decades of decentralized site creation, legacy permissioning, and permissive policies on sharing data had left sensitive business data overexposed.

“Data sprawl was a known issue, but it wasn’t a priority—until we started piloting Copilot.”
Amir Niaz, VP, Global CISO, Culligan

Impact: Uncontrolled Access = Hidden Risk

The Copilot pilot highlighted governance challenges common in growing, distributed enterprises:

  • Employees creating public SharePoint sites by default
  • Lack of centralized policy enforcement or permission reviews on data created
  • Cultural habits of over-permissioning (“just give them full access so they won’t call IT”)
“AI didn’t create the problem. It just made it impossible to ignore.”
Amir Niaz, VP, Global CISO, Culligan

Solution: Oversharing detection and remediation with Opsin Security

Culligan partnered with Opsin Security to rapidly assess and remediate oversharing risks. Opsin’s platform mapped sensitive data exposures and access patterns across the company’s M365 ecosystem─focusing on what Copilot (and users) could see.

More importantly, Opsin helped Culligan put guardrails in place before the roll out:

AI Proactive Risk Assessment

Opsin performed a proactive risk assessment to identify high-risk SharePoint and OneDrive locations where sensitive data─especially PII and financial documents─could be unintentionally exposed to GenAI tools like Copilot.

Issue-Specific Remediation Guidance

Provided actionable workflows both for IT/security teams and for business units. Opsin enabled remediation to be either centrally executed or delegated to site owners and department heads through shareable, step-by-step instructions─empowering teams to fix issues without overwhelming IT.” own the risk”

Continuous Oversight of AI Activity

Monitored Copilot usage patterns in real time to detect behaviors that could pose insider threats or result in unintentional data leakage─alerting teams to violations of Culligan’s data security policy.

AI Policy Enforcement Through Existing Security Stack

Culligan used Opsin’s insights─specifically around which sensitive data and query patterns were flowing through Microsoft Copilot─to inform and implement CASB and DLP rules in their existing security infrastructure. This allows the organization to proactively block categories of sensitive data from being shared at scale and operationalize their AI usage policy across the enterprise.

“Opsin wasn’t just solving for Copilot. It gave us the base for governance that applies to any GenAI tool that comes next.”
Amir Niaz, VP, Global CISO, Culligan

Results: Confidence to Scale AI

With Opsin, Culligan was able to safely expand its Copilot rollout─while reducing the burden on central security and IT teams:

  • Sensitive data returned in Copilot queries dropped from 80% to under 15%
  • Culligan safely scaled Copilot to a broad user base that is growing on a daily basis─with confidence in policy enforcement and risk visibility
  • Decentralized remediation workflows enabled SharePoint site owners and business teams to take ownership, saving valuable time for security and IT
  • Established a company-wide AI usage policy and monitoring framework to govern safe AI use now and in future tools
“We had lived with some of these risks for years. AI just accelerated our timeline. With Opsin, we acted fast, which gave our business the confidence to adopt AI securely and at scale.”
Amir Niaz, VP, Global CISO, Culligan

Secure Your GenAI Rollout

Find and fix oversharing before it spreads
Book a Demo →