Suddenly, operating at such an increase needed a shift in mentality from running as a small business to a medium/large-sized organisation. Previously, files were easy to monitor and manage within Google Drive; however, as the organisation grew, this became harder to govern.

‘Growth naturally meant more risk. We’ve been Google since the day the business launched, but when you start as an organisation of 50, you don’t necessarily think of things that are going to be important for 400 people. Data laws have also changed significantly in the last five years, so it’s far more important now that you have control of your data.’ Explained the Operations Manager on the project.

The organisation proactively does a lot of work surrounding risk management and, through assessment, concluded that over the years of expansion, some data was being shared externally without a way to control removing these shares. To help mitigate this risk, the company wanted to assess their environment in-depth and make the relevant changes to further secure their set-up and future.

As a starting point, the organisation knew that to mitigate data exposure risk, they needed to understand their data within Google Workspace but weren’t in a position to do so internally. Having already had a previous relationship, the organisation chose to scope the project alongside Netpremacy.

Initial data scans gave Netpremacy and the customer a detailed understanding of the current domain. ‘The data scans helped us understand what was and wasn’t being used. We had a large amount of files available externally, but most of those files hadn’t been touched in years.’ From here, a scan analysis highlighted immediate issues and any areas for specific consideration before working together to define removal criteria based on inactivity for periods longer than six months.

Before stripping permissions, a selection of files were whitelisted where necessary. Whilst many files were inactive, the organisation wanted to communicate the changes to their end-users to minimise any business disruption or confusion should a file no longer be accessible. Netpremacy’s Change Management team created a suite of comms explaining the updated process of drive-sharing permissions, meaning there was a central location for users to refer to with any queries.

When embarking on the project, a key objective was to give the organisation the ability to track data and permissions going forward. Netpremacy created a dashboard to make the data scan information digestible internally, allowing the team to curb any unauthorised external sharing in the future with total control and management.

By assessing and updating drive permissions, the organisation has further reduced their data exposure risk. Revisiting old approvals and establishing best practices has created an environment for the business to continue to grow rapidly and securely without the danger of vulnerabilities. Moreover, the dashboard gives the internal teams control to manage future permissions and curb any use cases that could expose threats to the organisation.

‘Sharing is now happening in the right way… we’re not monitoring people; we’re monitoring files, which is different. What we’ve done is standardise our way of working. We have reduced the risk of having data available where it shouldn’t be and now can track the data we have going forward.