The Untouchables? Reclaiming Accountability for Those Who Protect Us

Exploring how administrative roles and AI agents can expose sensitive data — and what we must do to protect it

Bogotá, Colombia – May 19, 2025.

Introduction: The Rising Tide of Oversight and the Forgotten Perimeter

Just a few days ago, RSAC 2025 concluded with a remarkable convergence of innovation, urgency, and reflection. Across packed sessions and showcases, Artificial Intelligence took center stage – not only as a threat vector but also as a powerful enabler. New tools and frameworks were introduced, including intelligent agents capable of automating remediation, capabilities to track how end users consume and interact with sensitive data, and mechanisms to detect oversharing, overexposure, and anomalies in information flows.

From Data Loss Prevention (DLP) to Digital Security Posture Management (DSPM), we saw major progress toward making the invisible visible – empowering security and compliance teams to identify when information is being shared inappropriately or left unprotected across clouds, apps, and AI interactions. Notably, tools such as Microsoft Purview, Microsoft Defender, and Security Copilot showcased how we can go deeper into surfacing sensitive content, mapping risk, and applying intelligent guardrails.

But amidst all this progress, an uncomfortable silence echoed through the halls – a critical omission that, while rarely spoken aloud, continues to grow in urgency.

In our fervent pursuit to monitor, restrict, and educate end users, we’ve built an arsenal of capabilities around identity, access, and data awareness. Yet, many of the incidents making headlines stem not from untrained employees, but from within: administrators, operators, and privileged users – those entrusted with the keys to the kingdom.

Too often, these internal activities fall outside standard oversight models. IT logs are scattered or incomplete, admin sessions are poorly contextualized, and audit trails are either inaccessible or designed without sensitivity in mind. In some environments, the assumption persists that because these users operate “the controls”, they are the control – an assumption that history has proven dangerously false.

This is not just a theoretical issue. Several real-world breaches and compliance failures have been traced back to excessive permissions, invisible changes, or misuse of elevated rights – all from within the very teams tasked with protecting the enterprise.

It’s time to extend our data governance vision. Visibility should not stop at the business layer or with external threats. We must apply the same rigor to those who hold operational power. It’s not a matter of distrust — it’s a matter of accountability, transparency, and resilience.

The era of AI-driven data security demands not only smarter tools, but smarter frameworks of trust. We must ensure that the tools we rely on to audit and protect others are themselves auditable. That the people behind the dashboards are also within scope. That every action – regardless of role – is understood, measured, and governed.

Only then can we claim true end-to-end data protection.

Discussion

A Call for Accountability in the Age of AI and Oversharing

The phrase “Who watches the watchers?” – rooted in ancient Roman thought (Quis custodiet ipsos custodes?) – continues to echo in the most modern of spaces: our datacenters, security dashboards, and compliance frameworks. Once philosophical, it’s now a pressing operational dilemma.

Over the past decades, digital systems evolved from simple back-office tools to interconnected intelligence engines that govern finance, healthcare, critical infrastructure, and human decisions. Now, with the explosion of Artificial Intelligence (AI) and autonomous agents, the complexity has reached a new level – and with it, so has the risk.

The Default Focus: End Users

Most security strategies today revolve around end users – the perceived weakest link. And not without reason. Accidental oversharing, mishandling of sensitive files, and poor judgment in AI prompts have cost organizations millions in fines, brand damage, and legal liabilities.

🔍 Security solutions now boast:

Behavioral analytics

for anomaly detection

Automated DLP and DSPM tools

to flag overexposure

Governance dashboards

that offer visibility over unstructured and structured data

Agents and Copilots

that guide or block user actions in real time

Most security strategies today revolve around end users – the perceived weakest link. And not without reason. Accidental oversharing, mishandling of sensitive files, and poor judgment in AI prompts have cost organizations millions in fines, brand damage, and legal liabilities.

Security solutions now boast:

The Overlooked Layer: Internal Power Users

What about those behind the controls? Administrators, IT operators, compliance engineers, and analysts – those who not only build the rules, but also access the most sensitive telemetry, audit reports, and classified content?

📊 According to various insider risk reports from 2024, over 34% of confirmed data breaches involved privileged users – not rogue actors, but individuals operating within their job scope, using tools as designed, but without oversight.

Despite this, many organizations still:

The AI Factor: Silent but Capable

Now, AI is entering. These tools are designed to reduce workload – but they also automate visibility into sensitive datasets. For instance:

And while these use cases help protect the business, the activity itself is highly sensitive. Who authorized it? Who reviewed the query logic? Where is the audit trail?

The AI Factor: Silent but Capable

We often place immense trust in IT and security professionals – sometimes even blindly. HR screenings, certifications, and long tenures foster a belief that these users are immune to risk.

But as one insider famously said:

"I don’t need to steal anything. I can just see everything."

We talk about zero trust. But in practice, we operate with absolute trust in the most powerful accounts in our environment.

When No One Has “the Answer”

In multiple industry sessions and roundtables – from Microsoft Airlift to RSAC 2025 – the question kept surfacing, like a ghost in the machine:

Who watches the watchers?

The responses reflected a mix of reflection and uncertainty. In several instances, there were no dedicated tools, no established processes, and no formal accountability framework. In some cases, the topic had simply not yet come into focus.

Security dashboards track what users do. But who tracks who looked at the dashboards?
We see alerts when users try to share sensitive documents. But who alerts us when an engineer runs a query that exposes all sensitive documents?

The Next Layer of Governance

This article is not written to criticize, but to catalyze. To propose that governance must evolve in parallel with our tools – and accountability must extend through the security stack, not stop at it.

🧭 Where to begin:

There are logs. There is evidence. But the reality is this data is often buried, fragmented, and complex to correlate. It’s possible – but it requires a cultural shift and dedicated effort. Mining insights from those logs shouldn’t be a forensic last resort – it should be a compliance baseline.

A Final Thought

We’ve built a world of controls. But as we enter the era of AI, controlling the controllers is no longer optional. It’s the only way forward.

🧩 Let’s start asking harder questions.

🔐 Let’s stop assuming trust where there is no validation.

📢 And let’s invite a discussion: How can we, as a community, watch the watchers?

Conclusion: From Oversight to Accountability - A New Era for Digital Governance

In a time where data is the most valuable currency, and AI the most powerful enabler, the stakes for digital governance have never been higher. The cybersecurity landscape continues to evolve, not only in response to external threats but increasingly in recognition of internal blind spots.

At RSAC 2025, the industry showcased its best innovations – AI-powered agents, real-time visibility tools, and enhanced frameworks for monitoring end-user behavior. These advancements reflect a mature understanding of oversharing, overexposure, and the operational risks posed by unintentional data misuse.

Yet, despite this progress, a critical area remains unaddressed – the activities of those who configure, review, and enforce these protections. Administrators, analysts, and automated agents now hold more access and insight than ever before. Their actions can shape – or compromise – the security posture of the entire organization.

What remains largely invisible is how these individuals operate. Who monitors when an admin exports a DLP match report with confidential classifications? Who validates that an AI agent’s logic isn’t overreaching? Who ensures that visibility doesn’t become vulnerability?

The irony is clear: we have invested in controls without investing in controlling the controllers.

This is not a technical limitation – audit trails often exist. It is a governance challenge, one that requires new cultural norms, policy updates, and organizational courage. Trust must be verified, not assumed. Transparency must extend to every layer – from business users to backend engineers, from copilots to compliance.

We are standing at a crossroads where AI empowers us to see more – but also do more. It is our responsibility to ensure that this power is not misused, ignored, or left unmonitored.

Open Questions: A Challenge to the Community

💬 The question remains:

Are we ready to watch the watchers — or will we continue to look away?

Synergy Advisors is here to help.  Email us at [email protected] to speak to one of our architects about how we can help you implement the Microsoft 365 solutions described above.  Together we can build a platform that ensures your data is secure.

Beyond our consulting and managed services, our proprietary E-Visor solution can help automatically retrieve, correlate, and interpret logs across Microsoft 365 and beyond to present unique insights to business and technical audiences in a series of PowerBI reports.  For more information about E-Visor, email us or visit our webpage: E-Visor – Synergy Advisors.

Author

Sebastian Zamorano

Architect Consultant

Scroll to Top