How Ampush uses Nira to protect client intellectual property and automate policy enforcement

Founded in 2011, Ampush is a best-in-class performance marketing agency driving outsized results for growth-oriented consumer businesses. Ampush has been called the ‘McKinsey of growth marketing’ and has the credentials to back it up having trained 300+ marketing experts and driving growth for 100+ different brands over the last decade. Today, Ampush continues to offer growth marketing services that help brands find and activate the right customers across high-reach paid marketing channels by leveraging their proprietary technology platform, data and analytics, and industry expertise.

Ampush establishes strong partnerships with its customers, establishing itself as a key thought partner in helping the customers’ business grow and scale. This helps build long-lasting customer relationships with a deep sense of trust. To safeguard that trust and ensure customer and company data remain safe, Ampush turned to information security company Nira.

Like many companies, Ampush uses Google Workspace to easily share and collaborate across its organization and with outside partners. However, this led to keeping up with millions of documents and hidden access risks.

“Ampush has millions of documents. You would think, how can a small team of maybe 100 people create tens of millions of documents? But, we did,” said Maksim Pavlishin, Head of Engineering at Ampush.

Ampush wanted full visibility and control as it worked to keep critical documents safe and maintain rigorous compliance standards. Protecting confidential business information was vital, as it worked to keep client intellectual property, customer financial data, and its own company IP secure.

As a marketing agency, Ampush has access to creative works and financial projections of its customers. These types of documents have to be secured and only shared with people who absolutely need access. However, it can be difficult to keep track of them using current solutions.

“Other tools are not as easily accessible. Nira’s ease of use is far above any other tool on the market today,” Pavlishin said.

As the technology landscape and regulatory environment continued to evolve, Pavlishin understood how mission-critical it was for Ampush to consider new tools to help manage a growing set of security risks and compliance standards. This was especially important for Ampush clients in highly regulated industries like healthcare. Pavlishin wanted a comprehensive tool that would go beyond the capabilities he found in the Google Admin console. This tool needed to maintain the highest standards of compliance with GDPR, HIPAA, and the California Consumer Privacy Act (CCPA), while also protecting proprietary work and financial data.

“It’s not just customer intellectual property but financial information. As a marketing company, we have access to the actual and projected growth of public and private companies,” Pavlishin explained. “That information needs to be properly restricted.”

Nira helped Ampush in several key ways, allowing it to maintain company and customer confidentiality and protect sensitive IP. Ultimately, Nira provided full visibility into access risks, a way to easily fix issues, and a behavior change across the organization, while providing immediate ROI.

Pavlishin said if he tried to build the same tools as Nira, he wouldn’t receive the same value, and it would cost his team tons of time and resources.

“If I tried to do this in-house, it would cost 20-30 times more in time and money. That’s just for the first year,” Pavlishin said. “Nira is an immense value for our team.”

Instantly identify hidden risks in Google Workspace

Nira gives full visibility and investigation abilities to find top risks

For Ampush, having complete visibility into who has access to its company documents is essential. It needs to know who is sharing what with whom, and what level of access they have to confidential company information. According to Pavlishin, Nira offered this clarity the minute he tried the tool.

“Nira provided the visibility I was looking for from day one. It showed me all the things I needed to improve from the first moment I logged in,” he explained.

Before using Nira, Pavlishin had no way to discover hidden access risks surrounding client intellectual property, customer financial information, and company IP.

As Pavlishin started digging into Nira’s capabilities and searching for owners of specific documents, he realized that many documents with public links were Ampush’s own IP.

“We are a marketing engine, so we produce lots of assets. We inadvertently had proprietary images and videos that were public, sometimes for years”, Pavlishin said.

When Pavlishin asked Ampush’s designers why their IP was public, the team became worried.

“Almost 90% of the documents that were public were images and other creative assets that were already released as part of ads – but they still needed to be properly protected,” Pavlishin said.

However, Ampush used Nira to turn the issue into an opportunity. Through the tool, Ampush IT was able to identify top risks and then do something about them.

“IP needs to be hidden and protected. So Nira helped us better define our IP and our value to our partners and customers,” Pavlishin said.

Although data security concepts are always evolving, Nira was able to provide visibility that was easy to understand.

Nira solves an information security problem in Google Workspace that is very complex. But they solve it in a clean, simple, and elegant way.

Maksim Pavlishin,

Head of Engineering

Pavlishin maintained that Nira’s easy-to-use interface was a key selling point. It made security more accessible, even for less tech-savvy users. Through Nira, he was able to gain an overview of the entire security landscape and then apply filters to dive into specific areas.

Pavlishin was also able to identify security risks that were actually significant. This was a key difference from other tools that often give false positives, wasting lots of time for IT and security teams.

“Nira’s ability to filter for certain document types and focus on security risks that are actually important is unparalleled,” he said.

Nira also provided Ampush with a risk assessment to identify unknown issues and gave it a way to easily share hidden risks with key executives.

“I knew the risks, but the problem was I wasn’t able to articulate them in a way that the business would accept,” Pavlishin said.

However, he was able to receive speedy buy-in from executive leadership by sharing a part of Nira’s UI and demonstrating a clear business case for Nira’s value.

“After I shared several Nira screenshots to my CEO and effectively showed the value and capabilities of the tool for Ampush, he was on board,” Pavlishin said.

Nira’s user-friendly solution was well worth the investment, according to Pavlishin. While very cost-effective for a company of Ampush’s size, Pavlishin understood that that was still very valuable even for a larger company.

“When I look into how much I spend on security, Nira is priced really well. It’s great for Ampush today and it would still be great if Ampush suddenly grew to 100,000+ employees tomorrow,” he said. “The simplicity pays for itself.”

Worry less about confidential documents or personal access

Nira allows Ampush to quickly address and fix its most critical access issues

Many Google Workspace users become uneasy when they see all the access risks from their company files and accounts, as some of these issues can be quite complex. But Pavlishin said the solution is simple.

“People start panicking when they realize how big their Google Workspace access problems are. Nira offers a simple solution to this,” he said.

It can be daunting, time-consuming, and almost impossible to find and fix all of these access risks using current tools on the market. This is where Nira can help.

Nira gives us the ability to find and address our most critical access issues within just a few minutes.

Maksim Pavlishin,

Head of Engineering

Research shows that most access-risk incidents are not caused by insider threats or nefarious employees but are the result of everyday human error. However, company information like documents being shared with personal accounts creates significant risk for companies.

Nira let Pavlishin discover hidden access risks that he wouldn’t be able to see otherwise. For example, Nira is the only current tool on the market that allows visibility into inbound documents: documents that are owned externally and shared with accounts at the company.

However, it wasn’t just about viewing access-risk issues. Nira offered a way to quickly resolve them.

Ampush employees needed to have access to the right customer information. Client financial information had to be heavily restricted. Customer IP and project details had to be limited to people working on the project. Using Nira, Ampush could easily filter for and then immediately restrict access for these cases.

“With Nira, we have the ability to see millions of our documents in one place and instantly know our risk level,” Pavlishin said. “And then using Nira, we can immediately drill down and fix identified access issues.”

Through Nira, Ampush had less to worry about when it came to confidential documents or sensitive IP. It could use the tool to identify risks and fix them before they became access-risk incidents.

“Nira gives me the confidence that we’ll get to where we need to be and prevent future disruptions or accidental data sharing,” Pavlishin said. “I know I will have peace of mind.”

Avoid one-time audits, reduce risk for the long term

Nira enables automated policy enforcement and organizational change

Often, companies will pay for an expensive one-time risk assessment or yearly audit that allows them to identify key access-risk issues. However, this method doesn’t get to root causes and does little to eliminate future problems. Pavlishin was more interested in reducing risk in the long term.

I’m not interested in a one-time audit. I like Nira because it enables a company-wide behavior change.

Maksim Pavlishin,

Head of Engineering

Ampush wanted to be proactive about prospective issues through automated policy enforcement and organizational change.

Through Nira, we have tightened access security in Google Workspace and changed organizational behavior, preventing future issues or accidental data sharing.

Maksim Pavlishin,

Head of Engineering

Being able to easily automate and enforce policies to keep sensitive documents safe was key, according to Pavlishin. He was able to set rules within the tool that allowed security measures to be continuously monitored and updated.

“Automation is very important where we have rules that restrict document access and run daily to validate and remediate,” Pavlishin said.

By enforcing rules around permissions through automation, Pavlishin was able to more easily train end-users without increasing their workloads.

“We just set a rule, and if all documents meet this rule, their permissions will be updated every day. The automation takes care of security, and the employees can continue with their daily business,” he said.

Automatic rule enforcement merged together with employee education and helped reassure that the company maintained the highest levels of security for its customers and for its own proprietary assets and data. Whenever employees had issues, Pavlishin could easily identify them and help them rectify common errors.

“Nira creates a behavior change across our organization, empowering employees to be part of the security solution,” Pavlishin explained.

Nira also helped Ampush as it worked with external parties and customers. As it identified issues using Nira, it was able to take better security measures through methods like creating secure shared drives and Google groups.

Not only did Ampush educate its employees, but it also implemented education around document security for its customers, even suggesting they buy a tool like Nira.

We are recommending Nira to everybody, reaching out to our partners and telling them about it. Everyone needs Nira.

Maksim Pavlishin,

Head of Engineering