Indent Scan: do you know who has access?

a year ago
Written by
Fouad Matin
@fouadmatin
Natalie Marleny
@nataliemarleny
Elsie Phillips

When companies are just starting out, practically everyone has access to everything, with one or two people setting things up and sharing with the team along the way.

It doesn't take long before there's a group for finance@, legal@ or privacy@ and yet everyone still has access. When the CEO creates an exec@ group for their newly minted exec team, do they know that the default settings are "Anyone can view conversations" and "Anyone can join the group"? What about the auth-prod@ group that gates access to internal tools?

Read on to learn why we built Indent Scan, a free tool that makes finding potential security violations in your stack as easy as possible, starting with Google Groups.

[Screenshot of example scan report]

At a certain point, it becomes challenging to keep track of all of the groups handling sensitive matters. It’s easy for users (cough, executives, cough) to spin up new groups and not understand the implications of the default settings.

When trying out the scanner, some admins discovered executive, compliance, and legal groups left wide open for anyone to view their conversations or join. It would only take one bad actor finding those groups to cause a major incident.

We built Indent Scan to give admins a tool to uncover key resources with problematic settings for their risk levels and a way to easily remediate them.

Initially, you can use the scan tool to find which sensitive groups in your Google Workspace have overly permissive viewing and joining settings. We’ll also make recommendations for the correct settings, and show you how to update them.
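The kind of check described above can be sketched offline. This is an added example, not Indent's code: it assumes the group settings have already been exported as records using the Google Groups Settings API fields `whoCanViewGroup` and `whoCanJoin`, and the name-based risk patterns and sample groups are constructed for illustration.

```python
import re

# Groups Settings API values that expose a group beyond its own members.
# Assumption: these correspond to the "Anyone can view/join" defaults above.
OPEN_VIEW = {"ANYONE_CAN_VIEW", "ALL_IN_DOMAIN_CAN_VIEW"}
OPEN_JOIN = {"ANYONE_CAN_JOIN", "ALL_IN_DOMAIN_CAN_JOIN"}

# Assumed naming heuristics for sensitivity; tune these to your organisation.
RISK_PATTERNS = [
    ("high", re.compile(r"^(exec|legal|finance|privacy|compliance|auth-)")),
    ("medium", re.compile(r"^(hr|security|billing)")),
]
ORDER = {"high": 0, "medium": 1}

def risk_level(email):
    local = email.split("@", 1)[0].lower()
    for level, pattern in RISK_PATTERNS:
        if pattern.search(local):
            return level
    return "low"

def scan(groups):
    """Return high/medium risk groups whose view or join settings are open."""
    findings = []
    for g in groups:
        level = risk_level(g["email"])
        if level == "low":
            continue  # low-risk groups are allowed to stay open
        issues = []
        if g.get("whoCanViewGroup") in OPEN_VIEW:
            issues.append("conversations viewable by non-members")
        if g.get("whoCanJoin") in OPEN_JOIN:
            issues.append("joinable without approval")
        if issues:
            findings.append({"email": g["email"], "risk": level, "issues": issues})
    return sorted(findings, key=lambda f: (ORDER[f["risk"]], f["email"]))

# Constructed sample export (not real data).
SAMPLE_GROUPS = [
    {"email": "exec@example.com", "whoCanViewGroup": "ALL_IN_DOMAIN_CAN_VIEW", "whoCanJoin": "ALL_IN_DOMAIN_CAN_JOIN"},
    {"email": "auth-prod@example.com", "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW", "whoCanJoin": "ALL_IN_DOMAIN_CAN_JOIN"},
    {"email": "legal@example.com", "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW", "whoCanJoin": "INVITED_CAN_JOIN"},
    {"email": "hr@example.com", "whoCanViewGroup": "ANYONE_CAN_VIEW", "whoCanJoin": "CAN_REQUEST_TO_JOIN"},
    {"email": "lunch@example.com", "whoCanViewGroup": "ALL_IN_DOMAIN_CAN_VIEW", "whoCanJoin": "ALL_IN_DOMAIN_CAN_JOIN"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_GROUPS):
        print(f["risk"], f["email"], "; ".join(f["issues"]))
```

A group that already restricts both settings (here `legal@`) produces no finding, and a low-risk group (`lunch@`) is skipped even though it is open.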

This is just the beginning of Indent Scan though. Misconfigured permissions are pervasive beyond Google Groups. We’ll be expanding the Indent Stack Scanner’s functionality to work with additional tools like Okta, GitHub Repos/Teams, and other in-scope vendors.

In the future, Indent Scan will have the ability to automatically update the settings and route to group owners for approval. Stay tuned for updates!

Here’s an interactive example scan report

Once you're ready to see your own scan results:

  • Step 1: Install the Indent Scan tool (start now)
    • Log into Indent or create an account
    • Connect your Google Workspace
  • Step 2: Scan your Google Workspace
    • View suggested risk categorizations for each Google Group
    • Surface high and medium risk groups with default or misconfigured settings
  • Step 3: Remediate and lock down



Have questions, need any help or want to see a demo?

Feel free to schedule time with our team
