By 2025, up to 99% of cloud security incidents will be due to a user error. Such vulnerabilities can be effectively prevented.
What is a security audit?
A security audit involves a detailed check of your Google Workspace instance’s settings to ensure that it is secure against data leaks, cyberattacks, or fraudulent employee actions.
Remember that the security concept in the cloud is based on the Shared Responsibility Model
Takes care of the physical infrastructure security
Secures access to their data, systems, and applications.
Why carry out a security audit?
Consider what will happen if:
With a security audit:
What areas will we examine?
During a security audit, we look at more than 150 risk points within eight key areas.
Identity verification and authentication
Including account recovery, password management, multi-factor authentication, and SSO.
Including access control for IT service management staff and Google Vault.
Including management of add-ons and third-party access according to the OAuth standard.
Including alerts for administrators, threat analysis tool, and incident response handling.
Including authentication, encryption, security, and compliance with various requirements.
Including sharing settings, synchronisation tools, and DLP rules.
Other service settings
Including access control for Calendar, Chat, Spaces, Groups, Meet, or Websites.
Including control policies for browsers, mobile and desktop devices.
How is the process going?
The security audit under the care of the FOTC is carried out in four stages.
A kick-off meeting, where we will get to know your organisation's needs, plan the process, and set up working teams.
Carrying out an audit, meaning a detailed review of the security settings of your company's Google Workspace instance.
Recommendations – we will prepare a list of guidances to be implemented to increase your company's cyber security level.
A workshop, to explain to your team how to deliver the changes with the highest priority.
Download the report excerpt
If you would like to get familiar with the level of detail in analysis and understand better what you can expect from the FOTC audit, download an extract of a sample report.
Google Cloud partner support
Since 2014, our specialists have moved more than 2,500 companies to the cloud. Today we take care of almost 150,000 Google Workspace licences. You, too, can benefit from our knowledge and experience. During the four weeks of the security audit, we will always be in touch with you. We will support you with implementing the most critical changes, advise you on actions to take in the future, and answer all your questions.Order an audit
What do our customers say about us?
The best supporters of our brand are customers. Learn about their opinions on cooperation with FOTC.
Piotr PisarzCo-Founder and CEO at Uncapped
Thanks to the collaboration with FOTC, we pay less for the same Google Cloud services and use a more convenient payment method. We can also rely on technical support, both for ad hoc requests and larger projects. Having such a partner, we can even more benefit from Google Cloud technologies and Google Workspace applications.
Kamil KikCEO Pakersi.pl
The first licenses were implemented in direct collaboration with Google, but we later discovered that there were rebates and technical support associated with using the local partner's services. It is good to know that there is someone who can always offer support in Polish language, with new challenges related to the use of the service.
Piotr BuszkaCo-Founder w feeCOMPASS
Google Cloud services allow us stress-free scaling of the system, which also translates into business scalability. Thanks to the high availability of infrastructure and monitoring of service efficiency, we can in good conscience establish cooperation with large customers, who have high expectations.
No, the auditor won't have access to your data - neither on the Drive nor on your mail. They will only be able to see general information about the space taken up in these applications. In the reports, they will also see the basic information about the activities performed on the Drive. You can always check the extent of the activities performed by the auditor in the administration logs.
Not if you are our customer and do not block reseller access to the Google Workspace instance. Otherwise, creating an account for auditors may be necessary.
No, our auditors will prepare a list of recommendations for you to implement to improve your company's security level. However, you will need to decide whether to implement them in the console. Your team members will be responsible for making any changes. They are the ones who know best how to break down the process so as not to disrupt users in your organisation.
We provide you with a comprehensive file containing a set of guidances and security best practices you should introduce to your company. During the workshop at the end of the audit, we will discuss the key points and answer your questions so that you can plan your improvement process accordingly. You can download an excerpt from the sample report here.
No, we do not.
Yes, you can count on us in this regard.
No, because we do not enforce the implementation of our recommendations. Nor do we not have control over whether changes are implemented. All this makes it impossible for us to grant you a certificate.
Yes, we will explain how to introduce the key changes and answer all your questions.
We will have access to the administration console settings. We recommend that the company we are auditing is our customer and that the instance has open reseller access. Then you can be sure that we are not privy to any sensitive data you store in Gmail, Drive and other services.
There is no need for your employees to be present at every stage. We will need your team only to grant access to the console, complete the form, and turn up at the workshop. We will take care of the rest ourselves.