Impel leads the automotive AI revolution through its Customer Lifecycle Management platform—delivering more engaging experiences for vehicle retailers of every type and size.
According to Senior IT Manager Michael Case, Impel has had rapid changes in the past five years.
Impel is known for software products that allow automotive dealers to create engaging interactive experiences for their customers. In recent years, the company expanded to include AI-driven communications, a market opportunity that continues to evolve.
However, the expansion of Impel’s offering of AI-driven communications brought new security challenges for the Impel team.
“When you’re working with AI communications, you’re dealing with more sensitive information, often including direct customer communications,” Case explained.
Handling sensitive customer data leads to an increase in legal and compliance concerns and requirements, as companies must comply with various frameworks including General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Gramm-Leach-Bliley Act (GLBA).
Case and his team wanted to protect their confidential company and customer data from unauthorized access. Being heavy users of Google Workspace, they needed reliable ways to manage their sensitive company files in Google Drive.
However, when it came to getting a full picture of their Google Drive security landscape, most tools came up short against Impel’s requirements.
According to Case, logging capabilities and administrative controls in the solutions they looked at were not as robust as he would have liked. He wanted a tool with more power, greater flexibility, and better reporting.
Case and the team needed insight into the entire state of their Google Drive environment, so they turned to Nira for help.
“That was the attraction to Nira from the get-go: it gives us complete awareness of the state of our security,” Case said. “I get an exact picture of where everything is now.”
Control public link exposure
Nira allows Impel to restrict public access to company files
According to Case, exposing company documents to the public is a growing concern for companies that use cloud collaboration tools from Google and Microsoft.
Through one public link, confidential company data can be shared with anyone on the internet.
Case explained that in certain situations, public link sharing is necessary. However, when public sharing is the most convenient option and overuse runs rampant, it becomes a security risk.
“Our biggest use case with Nira is to track and lock down exposure from public links,” Case said.
Case explained that public link exposure is risky because anyone who has the link has open access to data within the file—no matter how sensitive it may be.
“You have no control over where the data is going if it’s exposed publicly. From a compliance standpoint, that becomes a huge deal when you have personally identifiable information,” Case said.
However, Case maintained that even if the information is not ultra-sensitive, non-public company data should not be exposed.
“My rule is if I don’t want this information in an article or a headline, then I’m not going to share it publicly. You don’t want someone accidentally stumbling upon it,” Case said.
For Case and the team, locking down public links was not easily done without Nira. They would have needed to reach out to every employee and ask them what they were sharing publicly.
For an IT team of two working with more than 200 employees, the process would have been painstaking and unproductive, Case explained.
Restricting public file exposure is not a problem we would have solved without Nira. It’s less about time saved and more about problem solved versus problem not solved.Michael Case,Senior IT Manager
Gain historical data visibility
Impel uses Nira to investigate files from the moment they were created
Before Nira, Case’s access to historical data in Google Drive was almost nonexistent.
“Reporting was limited. I could only look up changes made in the last six months. Anything beyond that period was unknown,” Case said.
Case—who did not set up Impel’s original Google Drive environment—could not be aware of every document or permission that existed before he started.
The Admin console had little functionality to identify problems due to original permissions or stale, outdated documents. What’s more, it merely tracked changes, rather than giving a full overview of every access risk.
“It was hard to tell, A. do we have a problem? And B., if we do, how big is that problem?” Case said.
But, with Nira’s Item History feature, Case can go back to activity on the first document ever created in Impel’s Google Drive and immediately know its level of risk. Then, he can fix any outstanding issues or set up an automation to take care of them going forward.
The Item History feature is also vital for conducting investigations in Google Drive, Case said. When an incident happens, he and the team can investigate who was involved, exactly what happened, and what was shared, in a few clicks of a button.
Item History is a chance to do more investigative-type functions. I can then be proactive and take steps with certain controls or alerts that keep me apprised of an incident.Michael Case,Senior IT Manager
Strengthen offboarding to stay secure
With Nira, Impel can easily manage file ownership for departing employees
Security investigations are key when it comes to Impel’s offboarding process. Offboarding creates risks, not only from malicious behavior but from everyday mistakes the parting employee might have made.
Using Nira, Case and the team can check if departing employees have access to documents they no longer need from their personal accounts. They can also manage file ownership as employees leave.
It’s important to be aware of file ownership when employees are about to leave the company, Case said. Impel may need to retain former employees’ work and transfer ownership of their documents to other people in the organization.
This helps with data retention best practices and the archival of employee accounts. Case explained he takes several steps to archive account data during offboarding.
Being able to quickly, easily, and flexibly transfer ownership of files for archival purposes, Nira is a huge asset.Michael Case,Senior IT Manager
Using Nira, Impel can easily fine-tune its offboarding process. The team has more streamlined options—including bulk transfer of file ownership—saving them time and resources.
A culture of proactive protection
As the company grows, Impel recognizes the need for a deeper understanding of its security landscape. Nira allows them to not only reduce external access risks but also delve into their historical data for comprehensive insights and investigations.
By leveraging Nira, the company has streamlined and secured its offboarding process, ensuring it does not pose potential security vulnerabilities.
Case and the team have strengthened Impel’s Google Drive security landscape and boosted a culture of proactive insight and protection through Nira’s capabilities.
Nira’s been invaluable for giving us full awareness of the state of our security.Michael Case,Senior IT Manager