Ad Hoc uses Nira to reduce security risks while improving the employee collaboration experience

Ad Hoc is a digital services company that helps the US government better serve the public. The company’s team of experts allows federal government agencies to transform public services into digital services, creating websites and applications that offer availability, better features, and ease of use. By providing assistance that is more intuitive and user-friendly, Ad Hoc helps the public receive the government resources and information they need. 

Cybersecurity, particularly related to Google Drive, was a prime concern for the company as it worked to fulfill both consumer and government expectations and keep sensitive data secure.  Although some companies might overlook these access risk issues, Director of IT and Security Scott Murray says it was a high priority for the organization.  

As a rapidly growing organization that does much of its work in Google Drive, I am always looking for ways to better secure the information we have there.

Scott Murray,

Director of IT and Security

What Ad Hoc really wanted was to find a tool that provided a human-centered approach to resolving security risks. But other tools were unable to provide the investigation and remediation capabilities that the company needed to solve access issues in an intuitive way. The data was difficult to interpret and didn’t have enough depth and scope. 

“Getting data out of the admin panel in Google Workplace was not a problem. Getting data that was not incredibly noisy and actually understandable took too much valuable time,” Murray said. 

Murray had an instinctual understanding of the potential risk that the company had in its Google Drive. However, he could not prove his concerns with confidence to team members. He wanted a tool that did more than offer consulting services or a quick but incomplete fix. Ad Hoc needed to immediately remediate risks and maintain its security response. 

“There are a lot of companies who offered consulting services, or they’ll come in and fix issues for you for a pile of money,” Murray said. “But I needed to fix it and then I needed to maintain it.”

Ad Hoc turned to Nira, with its comprehensive visibility and easy-to-use interface, to quickly identify problems in Google Workspace and then take action to fix them. While other tools had a multitude of restrictions, Nira made access control simple. 

The access data we get from other tools can be incredibly limited and not easy to understand. Nobody in my organization has the time or inclination to interpret it. Nira makes it easy for us.

Scott Murray,

Director of IT and Security

Nira helped Ad Hoc save time and resources, allowing it to see a return on investment as soon as it started using the tool. After a couple of months, Murray explained he had already received $100,000 worth of productivity out of Nira. Work that might have taken a full-time employee over a year to do, Murray was able to resolve quickly and efficiently.

Comprehensive visibility to proactively discover threats

Nira gives Ad Hoc the ability to find and investigate broad and granular issues

Murray says there are two types of IT and security people at Ad Hoc who use Nira’s tool for document security. As Director of IT and Security, Murray is more interested in the aggregate—in the broad overview of risks that can be found in the company’s Google Workspace. He wants to know the entire number of potential issues so he can strategize how to proactively resolve them.

Meanwhile, an Ad Hoc help desk or integration engineer will be looking at issues from a different angle. For example, they may get a ticket request saying that a document is deprecated, but its owner no longer works for the company so they are unable to delete the document. If Murray tries to delete it for them using the Google Admin console, it’s not a simple fix and takes extra work to investigate. 

But using Nira, the process is quick and efficient. What could have taken hours of manual investigation is resolved in minutes. 

“With Nira, you type in the name of the document owner or title. You click the box. You type ‘delete.’ You’re done,” Murray said. “It’s that simple.” 

Nira allows Murray and his team to take care of both needs: understanding the overview of every potential risk in Google Drive and having the ability to instantly investigate and fix more granular issues. 

Secure employee offboarding and subcontractor access 

Nira allowed Ad Hoc to fix critical access issues involving employees and subcontractors

Through Nira, Ad Hoc can quickly remediate access risks including issues related to employee offboarding and owner transfer. When an employee leaves, their access to sensitive company information can persist, and they may own company documents long after they stop working with the organization. As part of the offboarding process and compliance requirements, ownership of files should be transferred to another employee.

After employees leave, I move all the documents they own from this person to that person who replaced them. Those are not things that could be done in a reasonable amount of time without Nira.

Scott Murray,

Director of IT and Security

According to Murray, being able to use Nira for transferring document ownership has been a huge asset. “It’s been the single greatest time saver we’ve had,” he said. 

Nira also helps Ad Hoc with issues like subcontractor access. After subcontractors no longer work with the company, they may still have access to sensitive data through their company or even accidentally added personal email accounts. This causes a multitude of access risks that need to be addressed. 

Nira has been crucial for removing access of people or contractors who are no longer working with the company. It’s the tool of choice when we do an audit.

Scott Murray,

Director of IT and Security

Nira is also the only tool on the market that offers visibility into inbound documents or documents owned by external accounts, including personal ones. With Nira, Ad Hoc is able to take care of any outstanding issues related to subcontractors or personal account access, quickly and securely. 

Employees are empowered to take action and stay secure 

Nira gives Ad Hoc the ability to alert employees about issues and allow them to fix them

When Ad Hoc rolled out Nira’s employee security portal, which allows end-users to fix sharing issues on the documents they own, the positive feedback was immediate. 

Murray said he started by asking employees to take action on a common but potentially risky issue. Within 24 hours, Ad Hoc employees had reduced the number of files at risk by over 50%.

Although Murray only asked employees to take action on one issue, they started using Nira to take care of other issues, a fact that surprised Murray. 

As I’m watching the audit log, I’m seeing people going back into Nira and doing other actions that are not related to the audit that we pushed. It’s spectacular. I was not expecting this type of adoption right off the bat. This is a testament to the ease of use the Nira interface provides.

Scott Murray,

Director of IT and Security

Nira enables all Ad Hoc employees to be part of the security process by providing the ability to alert end-users in Slack about potential risks and enforce policies without completely locking down collaboration workflows. 

According to Murray, this is a gateway for easy buy-in to help employees better manage security. 

“We’re a very Slack-centric company, so it’s a huge tool and gateway for me,” Murray said. “I can configure watchlist items through Nira that are more fine-grained, as well as potentially more dangerous ones.” 

Although Ad Hoc has specific sharing policies in place for employees, it appreciates Nira’s flexibility and having a more tailored approach to data security. 

Most big companies, and especially government contractors, tend to lean heavily on the ‘lock it all down’ side of the security spectrum. But Ad Hoc wants to stay secure without making it so burdensome that our employees can no longer be creative or efficient.

Scott Murray,

Director of IT and Security

According to Murray, Nira enables Ad Hoc to find practical ways to protect itself and its customers while still allowing employees the freedom to do their jobs and mitigate security risks. 

Employees can take action to resolve issues in the employee security portal, helping bring about a culture of security in the organization.

My biggest goal is to trust that people want to do the right thing. Nira makes it as easy as possible for them to do the right thing.

Scott Murray,

Director of IT and Security

Not just a customer-vendor relationship but a partnership in security

Nira’s customer service element allows both companies to feel like partners. Murray maintains that the level of care they receive with Nira has been unprecedented. 

A step above doesn’t cover it, it’s a different class of service. Our relationship with Nira doesn’t feel like a customer-vendor relationship. It’s a partnership.

Scott Murray,

Director of IT and Security

What sets Nira apart from other vendors is its team’s willingness to listen to customers and then act on what they learn in a timely manner, says Murray. Rather than saying they’ll put it “in the backlog,” as other vendors have said, Nira’s team makes sure feature requests are taken seriously.

“When we have a feature request, Nira shows how it fits or how it might fit in the future,” Murray said. “I always feel heard.” 

For Murray, transparency around Nira’s product roadmap is a huge benefit that will be vital for future workflows and provide greater peace of mind going forward. 

“A year from now, Nira’s going to be providing even more value,” he said. “As I leverage it fully, I will be able to proverbially sleep at night.”