Google Workspace
security audit
Find out if your company data is safe in the age of remote working, mobile devices and public clouds
Write to us
By 2025, up to 99% of cloud security incidents will be due to a user error. Such vulnerabilities can be effectively prevented.
What is a security audit?
A security audit involves a detailed check of your Google Workspace instance’s settings to ensure that it is secure against data leaks, cyberattacks, or fraudulent employee actions.
Remember that the security concept in the cloud is based on the Shared Responsibility Model
Cloud provider
Takes care of the physical infrastructure security
User
Secures access to their data, systems, and applications.
Why carry out a security audit?
Consider what will happen if:
Your accountant's work laptop falls into the wrong hands? Someone takes over access to the drives on which you store sensitive data? An email from which you previously sent company card details will be hacked? A rogue manager will pass on confidential information to a competitor? Your lawyers will need information from an already deleted email?
With a security audit:
You will find out who is sharing company data within and outside your organisation. You will implement two-step verification and seal access to resources stored in the cloud. You will gain the ability to restore data after malicious or accidental deletion. You will learn about advanced security settings for the applications included in the suite. You will reduce the risk of unauthorised access to Google Workspace accounts on mobile devices. What areas will we examine?
During the Basic Security Audit we will perform a detailed analysis of over 150 risk points in eight key areas.
Identity verification and authentication
Including account recovery, password management, multi-factor authentication, and SSO.
Administration
Including access control for IT service management staff and Google Vault.
Application integration
Including management of add-ons and third-party access according to the OAuth standard.
Security operations
Including alerts for administrators, threat analysis tool, and incident response handling.
Mail settings
Including authentication, encryption, security, and compliance with various requirements.
Drive settings
Including sharing settings, synchronisation tools, and DLP rules.
Other service settings
Including access control for Calendar, Chat, Spaces, Groups, Meet, or Websites.
Device management
Including control policies for browsers, mobile and desktop devices.
Extended Audit additionally encompasses the following elements
Google Drive Sharing
Export of all Google Drive shares by users on their own and on shared drives.
Google Chrome Audit
Verifying Google Chrome security-critical settings on user devices.
External Applications
Export of a list of all external applications (along with their permissions) which users allowed to access company data.
How is the process going?
An FOTC security audit Audyt proceeds in five stages and lasts four weeks.
Download the report excerpt
If you would like to get familiar with the level of detail in analysis and understand better what you can expect from the FOTC audit, download an extract of a sample report. You will receive post-audit recommendations in the form of a PDF file and a special spreadsheet (with links to documentation) that will help you coordinate and monitor change implementation.
How much does an audit cost?
Google Cloud partner support
Since 2014, our specialists have moved more than 2,500 companies to the cloud. Today we take care of almost 150,000 Google Workspace licences. You, too, can benefit from our knowledge and experience. During the four weeks of the security audit, we will always be in touch with you. We will support you with implementing the most critical changes, advise you on actions to take in the future, and answer all your questions.
Order an auditWhat do our customers say about us?
The best supporters of our brand are customers. Learn about their opinions on cooperation with FOTC.
Piotr Pisarz
Co-Founder and CEO at UncappedThanks to the collaboration with FOTC, we pay less for the same Google Cloud services and use a more convenient payment method. We can also rely on technical support, both for ad hoc requests and larger projects. Having such a partner, we can even more benefit from Google Cloud technologies and Google Workspace applications.
Kamil Kik
CEO Pakersi.plThe first licenses were implemented in direct collaboration with Google, but we later discovered that there were rebates and technical support associated with using the local partner's services. It is good to know that there is someone who can always offer support in Polish language, with new challenges related to the use of the service.
Piotr Buszka
Co-Founder w feeCOMPASSGoogle Cloud services allow us stress-free scaling of the system, which also translates into business scalability. Thanks to the high availability of infrastructure and monitoring of service efficiency, we can in good conscience establish cooperation with large customers, who have high expectations.
FAQ
No, the auditor won't have access to your data - neither on the Drive nor on your mail. They will only be able to see general information about the space taken up in these applications. In the reports, they will also see the basic information about the activities performed on the Drive. You can always check the extent of the activities performed by the auditor in the administration logs.
Not if you are our customer and do not block reseller access to the Google Workspace instance. Otherwise, creating an account for auditors may be necessary.
No, our auditors will prepare a list of recommendations for you to implement to improve your company's security level. However, you will need to decide whether to implement them in the console. Your team members will be responsible for making any changes. They are the ones who know best how to break down the process so as not to disrupt users in your organisation. However, if your company lacks the proper resources to implement the post-audit recommendations, we can offer our support in this area too. We can implement the changes as part of your technical support package or extra consultations.
We will provide you with a comprehensive PDF file containing a set of specific changes and best security practices that you should implement and follow in your company. Additionally, you will receive a spreadsheet with links to documentation that will help you coordinate and monitor the change implementation process. During the workshop concluding the audit, we will discuss the key points and answer any questions You may have, to help you plan the process. You can download an excerpt from a sample report here.
No, we do not.
Yes, you can count on us in this regard.
Unfortunately no. Since we do not enforce our recommendations and we have no control over whether the recommended changes are implemented, we cannot provide you with a certification. Nevertheless, you will receive our badge and statement confirming the completion of an FOTC audit.
Yes, we will explain how to introduce the key changes and answer all your questions.
We will have access to the administration console settings. We recommend that the company we are auditing is our customer and that the instance has open reseller access. Then you can be sure that we are not privy to any sensitive data you store in Gmail, Drive and other services.
There is no need for your employees to be present at every stage. We will need your team only to grant access to the console, complete the form, and turn up at the workshop. We will take care of the rest ourselves.