

Google Workspace
security audit
By 2025, up to 99% of cloud security incidents will be due to a user error. Such vulnerabilities can be effectively prevented.
What is a security audit?
A security audit involves a detailed check of your Google Workspace instance’s settings to ensure that it is secure against data leaks, cyberattacks, or fraudulent employee actions.
Remember that the security concept in the cloud is based on the Shared Responsibility Model

Cloud provider
Takes care of the physical infrastructure security

User
Secures access to their data, systems, and applications.
Why carry out a security audit?

Consider what will happen if:

With a security audit:
What areas will we examine?
During a security audit, we look at more than 150 risk points within eight key areas.

Identity verification and authentication
Including account recovery, password management, multi-factor authentication, and SSO.

Administration
Including access control for IT service management staff and Google Vault.

Application integration
Including management of add-ons and third-party access according to the OAuth standard.

Security operations
Including alerts for administrators, threat analysis tool, and incident response handling.

Mail settings
Including authentication, encryption, security, and compliance with various requirements.

Drive settings
Including sharing settings, synchronisation tools, and DLP rules.

Other service settings
Including access control for Calendar, Chat, Spaces, Groups, Meet, or Websites.

Device management
Including control policies for browsers, mobile and desktop devices.
What areas will we examine?
During a security audit, we look at more than 150 risk points within eight key areas.

Download the report excerpt
If you would like to get familiar with the level of detail in analysis and understand better what you can expect from the FOTC audit, download an extract of a sample report.

Google Cloud partner support
Since 2014, our specialists have moved more than 2,500 companies to the cloud. Today we take care of almost 150,000 Google Workspace licences. You, too, can benefit from our knowledge and experience. During the four weeks of the security audit, we will always be in touch with you. We will support you with implementing the most critical changes, advise you on actions to take in the future, and answer all your questions.
Order an auditWhat do our customers say about us?
The best supporters of our brand are customers. Learn about their opinions on cooperation with FOTC.
FAQ
No, the auditor won't have access to your data - neither on the Drive nor on your mail. They will only be able to see general information about the space taken up in these applications. In the reports, they will also see the basic information about the activities performed on the Drive. You can always check the extent of the activities performed by the auditor in the administration logs.
Not if you are our customer and do not block reseller access to the Google Workspace instance. Otherwise, creating an account for auditors may be necessary.
No, our auditors will prepare a list of recommendations for you to implement to improve your company's security level. However, you will need to decide whether to implement them in the console. Your team members will be responsible for making any changes. They are the ones who know best how to break down the process so as not to disrupt users in your organisation.
We provide you with a comprehensive file containing a set of guidances and security best practices you should introduce to your company. During the workshop at the end of the audit, we will discuss the key points and answer your questions so that you can plan your improvement process accordingly. You can download an excerpt from the sample report here.
No, we do not.
Yes, you can count on us in this regard.
No, because we do not enforce the implementation of our recommendations. Nor do we not have control over whether changes are implemented. All this makes it impossible for us to grant you a certificate.
Yes, we will explain how to introduce the key changes and answer all your questions.
We will have access to the administration console settings. We recommend that the company we are auditing is our customer and that the instance has open reseller access. Then you can be sure that we are not privy to any sensitive data you store in Gmail, Drive and other services.
There is no need for your employees to be present at every stage. We will need your team only to grant access to the console, complete the form, and turn up at the workshop. We will take care of the rest ourselves.