Trust and security are central to SafeBase’s product and culture. Their AI-powered trust centers are used by leading companies who need to demonstrate that their own security measures are up to the task of holding valuable, sensitive data for their customers. Part of delivering on SafeBase’s mission to build customer trust is to ensure that their own security practices are as strong as possible, without slowing down the pace of work.
Like many fast-growing, innovative companies, SafeBase relies on Google Workspace as the primary surface where work happens. Google’s strong infrastructure security and flexible features make it the ideal choice for email, document sharing, and collaboration. But Workspace also introduces unique challenges when it comes to making sure information is flowing where it needs to–and preventing it from leaking where it’s not meant to go.
Lisa Hall, SafeBase’s Chief Information Security Officer, oversees operational security, compliance, and IT and saw that the company’s small but mighty security team was relying on manual processes to secure the email, documents, and accounts that live in Google Workspace.
Manual processes gave some visibility, but didn’t scale
One of the first things that stood out to Lisa was that the process to manage phishing reports was extremely manual. Employees could either use the phishing report tool built into Gmail or they could forward the suspicious emails to a security team inbox. The team had a rotation where someone would manually review and triage each report, investigate the email, and often go back to the person who sent in the report to get additional information. It was a tedious, multi-step process that wasn’t a great experience for either the security team or the employee.
But the problem was bigger than just phishing. Before Material, the security team at SafeBase didn’t have an easy way to continuously monitor Google Drive. They performed spot checks on a regular schedule and during each of these spot checks, the team found misconfigurations and inappropriately shared documents. Their instincts told them that for every issue they surfaced, there were many more that their manual process wasn’t revealing. They needed a better way to get visibility into the overall security posture of the company.
Solving both of these problems felt like they required separate tools, in spite of Google Workspace being a single piece of infrastructure. Phishing tools are limited to inbound protections and wouldn’t provide insight into user configuration and Drive activity. Products used to help understand configuration and contents in Drive felt like they were built for legal and compliance teams, not for security teams who need to take action and fix issues. “When you look at it from the traditional legal side, you can see that something happened, and now the security team needs to go pull some data,” recalls Lisa. “It’s a very reactive approach.”
Material + Google Workspace = Proactive security operations at scale
Lisa had used Material at two prior companies and felt it could help transform SafeBase’s security operations from reactive to proactive. She had firsthand experience with the way that Material’s automated detection and response capabilities could dramatically increase the efficiency of lean security teams like the one at SafeBase.
After a quick, 15-minute implementation process, Material began to give the team a whole new level of visibility into Google Workspace. The ability to search across email, documents, and accounts in real-time combined with features to automate responses to what the security team uncovered proved to be a game changer. Best of all, SafeBase was able to verify that Material accurately identified and categorized sensitive information, so the security team didn’t have to second-guess what the system was identifying.
“Our IT team didn't feel like they had to creepily look into people's emails and documents to see what was in there. We could really trust Material when it said something was sensitive, so let's just auto report that to the user.” - Lisa Hall, Chief Information Security Officer, Safebase
One of the first things they looked at was how documents in Drive were being shared. Material revealed that there were a number of documents with sharing settings that exposed the contents to anyone with the link. Since this share setting was in violation of SafeBase policy, the security team was able to automate an alert to the owners of these docs to gently remind them to double-check their share settings. “About 80% of those inappropriate shares turned out to be because the user just didn’t mean to share that broadly,” says Lisa. “After getting the alert, they fixed the settings on their own and didn’t feel called out by the security team.” Material also offered the team the ability to automatically revoke these share settings in a set period of time in cases where the user wasn’t able to respond quickly.
The time spent on manual phishing investigations has been dramatically reduced thanks to Material’s auto-triage features. As soon as a user reports a phishing attempt, Material automatically clusters similar emails and protects users across the company. “While I’m asleep, Material is helping me triage emails and blocking those from getting to other people, without my team having to take action,” says Lisa.
“With Material, we have a mightier team. It gives us the ability to take away some of the toil on my team with the automation that Material brings. The security team doesn’t need to just check every email and do all the data mapping across multiple tools. It’s so much easier.” - Lisa Hall, Chief Information Security Officer, Safebase
Goodbye restrictive policies, hello always-on protection
Another always-on protection that the security team appreciates is Material’s ability to prevent unauthorized access to the information in inboxes. Knowing that overly-restrictive data retention policies can stifle collaboration, the security team instead uses Material to redact sensitive data from inboxes and protect it behind a simple MFA prompt that’s familiar to their users. “We can sleep at night knowing that the information in email–even if it’s been around for years–is being protected with that extra layer of MFA protection,” Lisa says.
“We can protect the data in email, and it doesn't take a data loss prevention alert for us to jump into action. With Material, we can turn on the extra protection of MFA, so even if people are keeping sensitive information in their email, we know that there's an extra layer of protection for that information.” - Lisa Hall, Chief Information Security Officer, Safebase
Today, the security team is able to protect SafeBase’s Google Workspace environment without slowing down business or adding manual work. “With some security tools, it takes another human to tune the tool and to learn the special queries required in the tool. Material is not like that. We can set it and forget it,” Lisa says. “With Material, we have a mightier team.”