
Closing the AI Oversight Gap: ConnectWise EVP Russell Humphries on Unifying Privacy and Security

AI is transforming business operations at speed, but oversight gaps are leaving organizations exposed. Russell Humphries, EVP of Product Management for Security and Data Protection at ConnectWise, shares why unifying privacy and security is critical. In this interview, he outlines practical steps companies can take to secure AI adoption while maintaining compliance and trust.

Russell Humphries, EVP of Product Management for Security and Data Protection at ConnectWise

The AI oversight gap has been highlighted as a major issue. Why do you think so many organizations are moving ahead with AI adoption without putting proper access controls in place?


There is a lack of visibility into the details of real-world usage risk, and what awareness of risk does exist is balanced against the desire to quickly leverage the advantages AI can bring to many aspects of a business, encouraging ‘fire, aim, ready’ behaviors.


The problems of misconfigured access rights, inadequate event logging, and inconsistent data handling, measured against the overall ‘newness’ of the AI revolution, are a perfect storm to create easy entry points for compliance failures and operational risk.


Although data protection remains a top priority for IT teams and MSPs, terms like data security and privacy are used interchangeably. While they work together to safeguard sensitive information, each plays a distinct and complementary role. Clarifying this distinction is critical for building a compliant, resilient IT environment in an AI world.


ConnectWise emphasizes unifying data privacy and security under a broader protection framework. Can you explain why separating these two functions creates gaps that attackers can exploit?


When privacy and security are managed separately, blind spots emerge. Privacy teams focus on how data is collected and shared, including from a compliance standpoint, while security teams focus on defending it (from data theft, misuse, destruction, etc.). If these functions don’t work in sync, misalignments occur, and attackers thrive on these gaps. 


For example, a company’s privacy team may enforce rules requiring customer data to be deleted after three years, but if the security team doesn’t implement automated deletion or access monitoring, that data can sit forgotten in a database. Attackers who breach the system could then steal sensitive information that should never have been accessible in the first place.


Beyond security risks, siloed approaches make compliance harder to prove and weaken client trust. Organizations can close those gaps by unifying privacy and security under a single protection framework. It ensures policies, technical controls, and compliance requirements all work together, creating fewer weak spots to exploit and a stronger overall defense.


Many companies feel pressure to adopt AI quickly to stay competitive. How can they balance that speed with the need for governance and protection?


Speed and governance don’t have to be at odds if audit, identity management, and data protection are built into the adoption process from the start—in SDLC terms, ‘shift left’.


 The key is unifying privacy and security under a single framework and then operationalizing it with practical safeguards that scale alongside AI, whilst recognizing new risk profiles. Simply applying Data Leakage Protection threat modelling is insufficient in an AI world where an attacker might leverage that AI to target the most valuable assets. 


The work begins with understanding the data and identity risk landscape. For SMBs that might be as simple as identifying who should have access to a relatively constrained set of assets and enforcing that access. For larger, more complex organizations that might have years of ‘data sprawl’, it means classifying and mapping sensitive data to know exactly what they’re protecting and where it resides.


From there, enforcing least-privilege access, encrypting data in transit and at rest, and automating patching and vulnerability fixes help reduce the attack surface without slowing down innovation. Real-time monitoring ensures unusual activity is flagged immediately, while keeping pace with evolving regulations ensures compliance doesn’t lag behind adoption. Taken together, these steps allow businesses to move quickly with AI while maintaining the governance, protection, and trust their stakeholders expect.


What role does compliance play in closing the AI oversight gap, and how does a unified strategy help improve audit and regulatory outcomes?


Compliance acts as both a guardrail and a benchmark in closing the AI oversight gap. For example, regulations like GDPR, HIPAA, and CCPA set clear expectations for how sensitive data must be handled, forcing organizations to align AI adoption with accountability and transparency. But compliance isn’t just about passing audits; it’s about embedding protections into everyday operations. 


A unified strategy that integrates privacy, security, and availability under one framework ensures consistent policy enforcement, technical safeguards across environments, and complete audit trails. This alignment makes regulatory reviews more straightforward and reduces the risk of compliance failures that stem from siloed approaches. Ultimately, by treating compliance as a core part of governance rather than an afterthought, organizations can accelerate AI adoption and demonstrate resilience to regulators, auditors, and customers alike.


Looking ahead, what practical steps should organizations take today to ensure their AI deployments are both secure and resilient against emerging threats?


A unified data protection and identity management strategy is the most effective way to future-proof AI deployments. It requires more than policies; it demands the right tools to implement them. With a comprehensive ecosystem, MSPs and IT professionals can seamlessly integrate data privacy and security across client environments, improving their ability to enforce controls consistently, close oversight gaps, and respond quickly to new risks. 


Practical steps include embedding automation into patching and vulnerability management, centralizing encryption and key management, and deploying continuous monitoring that ties directly into incident response workflows. Just as importantly, organizations should align these safeguards with compliance frameworks so that audit readiness and security resilience advance together. By combining governance, technology, and execution under one strategy, companies can adopt AI at speed while staying protected against tomorrow’s threats.
