Free · No obligation · Written report included

Most businesses have 5 to 7 critical gaps in Google Workspace.

A free 45-minute Google Workspace security audit. 20 controls across identity, email, data, and devices. Written scored report within 48 hours. Yours to keep whether or not you become a client.

Book the free audit See a sample report

No preparation required. Best for existing Google Workspace accounts. If you still need to migrate, GetBulwark can scope that first.

Security Audit — In Progress 20 checks

Admin account 2FA enforcement FAIL

DMARC / email authentication PARTIAL

External sharing policies PASS

Third-party app permissions FAIL

Device management (MDM) PARTIAL

Password policies PASS

Backup coverage FAIL

Endpoint protection PARTIAL

6 / 20 controls passing

Report delivered within 48 hours

97/215

Average score on a first audit

5–7

critical gaps found on the average first audit

#1 finding

MFA not enforced — one stolen password unlocks everything

48 hrs

Scored report delivered after the call

The Process

45 minutes. No prep. A clear score and a written plan.

No software to install and nothing to fill in beforehand. You give read-only access to your Admin Console and we work through all 20 controls reviewed live on the call. Every finding is explained in plain English, with the business consequence attached.

Book a slot

Pick a time from the calendar. 45-minute video call — no preparation needed on your side.

Grant read-only access

Add our Google account as delegated admin — read-only. Two minutes. No passwords. Revoke it the moment the call ends.

Live security audit on the call

All 20 controls, reviewed live while you watch. We explain what each finding means in practice as we go. MFA missing means one stolen password can unlock everything. DMARC missing means anyone can spoof your domain.

Written report within 48 hours

PDF to your inbox. Every finding scored, explained, and prioritised. Yours regardless of what happens next.

Start here before you book

Three quick questions. If the audit is the right first step, book it. If migration or a planning call makes more sense, that should be obvious before you touch the calendar.

Step 1

What are you running today?

Best Next Step

Book the free Google Workspace security audit.

You are a strong fit for the 20-point manual review: existing Workspace, growing team, and security that could use a named owner. Book the audit, get the written score, then decide what to do next.

Book the audit Email first instead

Migration is offered where needed, but it is not required for the businesses already running in Google Workspace today.

What happens in the 45 minutes

0–10 min

Context call. GetBulwark learns your team size, tools, and any known concerns. No prep needed from you.

10–40 min

Live review of your Google Admin Console. 20 controls checked across identity, email, data, and devices. You watch in real time.

40–45 min

Verbal summary of what was found. Written scored PDF report delivered within 48 hours. Yours regardless of next steps.

No software to install. No preparation required. Admin Console read-access is granted during the call and can be revoked immediately after.

Book Now — Free

Pick a time. Show up. Get your score.

No preparation, no forms to fill in before the call, no invoice at the end. The report lands within 48 hours and it is yours to keep, act on, or ignore. If GetBulwark is not the right fit, you will hear that directly.

45 minutes

Enough to cover all 20 checks and discuss what each finding means in practice.

Google Meet — you watch live

You see exactly what we're looking at in your Admin Console in real time.

Written report within 48 hours

PDF delivered by email. Every finding scored, prioritised, and written for a non-technical reader.

One person. Owns the work.

You will speak to Callum Fraser, not a junior and not a sales rep. One named specialist, not a faceless helpdesk.

Prefer email first? hello@getbulwark.com

Who this is for: UK businesses on Google Workspace that have outgrown basic IT — remote or hybrid teams where security currently sits with whoever has a spare hour. If you still need to move into Workspace, GetBulwark can handle the migration first and harden the environment after.

The Audit

20 security checks. The basics most teams never verify.

Not a surface-level scan. We look inside your Admin Console, your DNS records, and your device management. These are the controls that decide whether one phishing email becomes a nuisance or a real incident.

01Admin account securityCRITICAL

02User account hygieneHIGH

032FA enforcement — all usersCRITICAL

04Email authentication (DMARC, DKIM, SPF)CRITICAL

05External sharing settingsHIGH

06Third-party app permissionsHIGH

07Device management (MDM)HIGH

08Password policiesMEDIUM

09Audit log and alert settingsHIGH

10Gmail security settingsHIGH

11Drive and data residencyMEDIUM

12Endpoint protectionCRITICAL

13Backup coverageCRITICAL

14Leaver and joiner processHIGH

15Less secure app accessCRITICAL

16Email forwarding rulesCRITICAL

17Shared Drive permissionsHIGH

18Google Groups external accessMEDIUM

19Session and login controlsMEDIUM

20Screen lock and remote wipeHIGH

Included in every audit

A written report. Not a vague summary.

A structured PDF covering every control checked, your score, the gaps that matter most, and the exact remediation steps. Written so a non-technical business owner can act on it.

Pass / Warning / Fail status for all 20 controls
Risk level for each finding
Prioritised remediation list — most critical first
Plain-English explanation written for non-technical stakeholders
Yours to keep whether or not you become a client

View a sample report

Security Audit Report Confidential

97 / 215

Overall score — action required

6FAIL

7WARN

7PASS

Admin 2FA enforcement FAIL Enforce via Admin Console → Security

DMARC record PARTIAL Policy is p=none — update to p=quarantine

External sharing PASS Restricted to authorised domains ✓

Third-party app access FAIL 23 unreviewed apps — 4 flagged high risk

Backup coverage FAIL No independent backup for Gmail or Drive

Straight Answers

The questions everyone asks before booking

What if the results are bad?

Then you'll know exactly what to fix and in what order. Most businesses find at least two or three critical issues. That's not unusual — Google Workspace has hundreds of settings and most are never reviewed after initial setup. Knowing is better than not knowing.

Is it actually free? What's the catch?

It is completely free. Some businesses become GetBulwark clients after the audit, some do not. Either way, you get the report. The audit is how we start conversations, not something we charge for later.

What access do you need?

Delegated admin access — read-only. We can't make changes, delete anything, or access email content. You can remove our access the moment the audit is done. Two minutes to set up.

Do I have to become a client?

No. You'll get the full written report regardless. If GetBulwark isn't the right fit, you'll hear that directly — and you can action the report yourself or take it to whoever you do work with.

We already have IT support — is this still useful?

Yes, especially if your current IT support is generalist. Most providers manage tickets and devices. They rarely dig into Google Workspace configuration in real depth. The audit covers what they usually do not.

How long does it take?

The call is 45 minutes. The written report lands within 48 hours. No preparation needed beforehand — just show up to the call.