When was your last security audit?
February 28, 2023
Whether you’re using Google Workspace (or any other solution) for collaboration and productivity, security is always an important topic, especially when using cloud technology across large organisations or those that have grown quickly. It often falls by the wayside in favour of other projects but should be consistently at the forefront of any conversations when assessing business requirements, growth and continuity.
External or internal audit?
The most common reason we conduct security audits for our customers is their requirement for ISO 27001 certification. As it is the international standard for storing information, most if not all organisations will have to adhere to its specifications for any ISMS they have. Damson Cloud works with Workspace customers of all sizes to ensure they are audited correctly when the need arises and to provide recommendations on how to secure or improve their Google Workspace. There are more elements to a security audit than just data storage in Workspace; these include SSO (single sign-on), 2-step verification enforcement, SMTP routing rules, IMAP/POP protocols for email, data loss prevention and secure document sharing, among others.
Why have a security audit?
Besides needing it for the ISO 27001 requirement, it’s important for businesses to have a sound understanding of how secure their infrastructure is and how exposed to vulnerabilities it is, and to take advantage of any recommendations given by the people auditing the various elements that make up the information security of the business. Data storage, sovereignty and adherence to regulations such as GDPR are exceptionally important, and remote working has also created a further requirement for security due to the nature of data being stored in the cloud. The main reason for a security audit is awareness of the Google Workspace ecosystem and the features it can offer outside of what you get as standard to allow businesses to meet more stringent security requirements such as ISO 27001.
How long does a security audit take?
After the initial kick-off meeting, most audits will take between 2 and 3 weeks. The initial kick-off meeting allows fact-finding to take place and aims and objectives to be set. After the audit is completed, there can be a list of recommended implementations, which are reviewed, and a timeline is set for these to be put in place for the business. Some are critical, some are important and some are desired. These will be addressed in order of importance. The best time to undertake a security audit is whenever a customer has moved or is thinking of moving to Google Workspace, but good practice is to do it once a year too.
What information can be found during a security audit?
Generally speaking, a large amount of information is discovered during the process, such as some customers not having an offboarding process or any user suspension. This means users can still access their accounts or data after they’ve left the business, or from a mobile device that is still linked or hasn’t been wiped. There are also simple measures that possibly haven’t been implemented, like 2-factor authentication. Often it’s the simplest of issues that haven’t been addressed! Each business is different and has different challenges in day-to-day operation, so by arranging a kick-off meeting we can determine what unique issues each company may face.
Security should be at the forefront of your consideration as a business in 2023 and beyond. With data being so important and with new regulations coming in all the time, if you’ve not had an audit for a while, now is the perfect time! Get in touch with us here to speak to us about your security audit or if you are looking to work with a Google Premier Partner on your Workspace solution, please get in touch here.
We've also got a YouTube channel we update weekly with new videos and tips on how to get the most out of Google Workspace. You can subscribe here.