Sales audit procedures for Security

How to create outlook signature

foreign Cloud on this week I wanted to talk about security audits they're a popular service here at damson cloud and I thought it might be valuable to run through exactly what they are I'm going to cover what is a security audit why you should get a security audit for your Google workspace environment what kind of challenges do organizations face who are looking for security Audits and finally what are the steps of a Google workspace security assessment or audit that we actually take and when we take you through them so firstly what is a security auditor well the Google works based security assessment or artist helps improve the security posture of your Google domain through an assessment of the current configurations security processes and procedures it aims to evaluate the security settings and processes and procedures document and prioritize the next steps to help you actually improve your security posture and also train your administrators an IT team on on how to review the security best practices there's a couple of objectives here um obviously auditing the Google workspace settings and we find that customers they haven't often done that you know maybe it was something that they did when they first moved to Google but it's not something that they're kind of doing on a regular basis maybe it's been a few years or even longer and they just really want to document those and write them down and so that they have that recorded somewhere create an implementation plan to address the security improvements and initiatives and technically enable your team to execute on these key recommendations there's a couple of deliverables as well we will give you a document that will give you a detailed review of your actual security settings Google's best practices an Executive review of the recommendations and a prioritized list of the actions that we recommend that you should take so why would you get a security audit well there are many reasons why organizations um want to get a security audit of their Google environment however they're kind of a couple of common uh reasons that people tend to come to us and I'd say probably the top three are around eliminating risks they want to guard against new and existing security threats and they want to make sure that they're kind of leveraging all of the tools and that are at their disposable already awareness is another big one where they want to improve and adopt and the security features amongst their it team and indeed their end users and then the other area tends to be incident response management where they want to increase the effectiveness of actually responding to an incident and if or indeed when it might occur within the organization particularly around Google workspace so what are the challenges that organizations tend to face who are looking for a security audit well often we're talking to the it teams and they've perhaps taken over from somebody else so they didn't actually set up the Google workspace environment and they maybe feel that they can can't kind of stand over the settings and the policies that are in place so they want someone else to come in as a third party and just look at those settings and say yes this is this is how we would set this up as a Google partner who's done this hundreds of times this is what we would recommend and the other area is if an organization has grown very rapidly maybe they've they've had a lot of growth or they've gotten funding and they've grown very quickly and maybe the settings that they had in place in the organization were small was fine but now they need someone again to kind of come in and look and say well now we're a hundred staff now we're number 500 staff and we have these other requirements now that we didn't have before this can sometimes be accompanied by external factors perhaps the organization wants to increase its security posture because of investment or acquisition or indeed an ISO and requirement that's that's often you know customers may be doing an ISO certification at another level they're looking at all of their I.T systems and Google workspace obviously being one of the core systems that our business is using and they're all of their users are using and will fall under that as well and the other area is if a customer has upgraded to a higher tier so we see this where customers upgraded to maybe Enterprise from one of the business tiers and again they don't feel like they're fully leveraging all of the security features on the platform and this again is common when an organization is is growing and I kind of feel here like we've seen interesting examples in in all of these different areas where you know a customer isn't using DLP but they have data loss prevention on uh the Google workspaces and they've upgraded to Enterprise but they're not actually leveraging that those DLP or context aware access features that's a very common one also we see when when an organization has had Google workspace for a long time maybe some settings that were in place again when the organization was was smaller so for example when you create a document that anyone in the organization can read that document if they have the link now that might be fine when your 10 users or 50 users but when you're 100 or a thousand you maybe you don't want everybody to be able to just view a document if they have the link and again people might think oh that's okay they'd have to get the link but I've seen scenarios where maybe someone has put a link to a document in a calendar appointment the calendars are set up that everybody can see everybody else's calendar again maybe an early setting within the business and suddenly someone has access to a document that they shouldn't so again it's just about evaluating those settings documenting them and seeing is that the best practice and does that make sense for us for our organization so what are the steps of a security workspace assessment well before I go into this I thought it might be useful to look at the scope and what we tend to include within the scope of the security auditor assessment the technical configuration is an obvious one we're going to review those security configurations and processes that are associated with Google workspace we're going to look at the policies and procedures and the best practices that Google have and we're going to look at things like identity and authentication account recovery user provisioning and you know controlling administrator access we often see that too many super admins on an account we're going to look at things like e-discovery security operations admin alerts event monitoring incident response handling within Gmail we're going to look at authentication encryption content compliance Google Drive is another popular area looking at the sharing settings the syncing capabilities the DLP within Drive access controls for other services like maybe Google Calendar or chat or meet directory services and then at kind of a high level we're going to look at those device management capabilities we're going to make sure that we educate your team that we guide them on how to execute on these top priorities that we're recommending and then obviously we're going to give that um recommendation plan and the execution plan that with the prioritizations that your team can take away and actually execute on that what kind of things are out of scope so out of scope is going to be stuff like Chrome OS browser security configurations and third-party apps is another big one customers could have dozens or even hundreds of third-party applications we definitely don't have time to get into all of those and so they tend to be able to scope and also the the user settings within those third-party apps Chrome web applications and the actual implementation of the changes so the remediations we're not going to do those as part of the audit sometimes sometimes customers might pay us afterwards to do those but we generally recommend that we're doing it with the IT team because they're training and we're enabling them as part of the process so what are the steps in the Google workspace security assessment well um there's kind of four key steps initially we have the kickoff meeting where we meet with the IT team and the security team and we discuss your specific requirements why is it that your organization is looking to do this right now because that's valuable for us to know if there's been a security incident if it's part of an ISO um auditor or certification it's valuable for our team to know what's behind um that drive to to do this audit right now then we get administrator access excuse me we get administrator access from you and we go and we look at the settings within um your Google workspace environment and we do that full audit and document every single feature um and and setting uh within within the platform then we we go back and we and we um identify those potential risks and those recommendations and that prioritization list and then the education piece happens where we conduct that security workshop and surface those um audit results and promote those best practices on some of our proposed recommendations with our execution plan and then we're working with your team to help Implement those recommendations and you know whether that's sort of training or whether and that's just support that your team needs to implement that and that tends to be that sort of next step or final step I hope you guys found this video valuable if you or your organization need to improve your security posture on Google works space or perhaps you're just unsure about um whether you're fully leveraging all of the security features and capabilities within the Google platform then why not get in touch with our team today we'd be happy to set up a discovery call to discuss your organization's specific requirements thanks for listening to me today hope you guys found this valuable if you haven't subscribed to the dancing Cloud YouTube Channel please do that or if you're watching this on some other social media platforms please do follow us on there as well and I will see you guys in the next one thank you foreign [Music]