NIS2 is here: A practical guide for Google Workspace users

Security compliance used to be something you did to win a contract. With the NIS2 Directive, that changes. It is now a legal requirement, not just a sales tactic.

The risks of ignoring it are serious. Fines can reach €10 million or 2% of your global turnover. On top of that, top management can now be held personally responsible for security failures.

If you use Google Workspace, you are already on the right track. But simply having secure software doesn’t mean your company is fully compliant. You still have to secure the actual devices your team uses to do their work.

Here is how Revolgy helps you handle the new EU cybersecurity rules.

Do these rules apply to me?

The first thing to know is that NIS2 covers way more ground than the old rules. It has expanded from 7 sectors to 18, including food production, waste management, public administration, and digital providers.

Even if you aren’t on that list, you might still be affected. The law focuses heavily on supply chain security, meaning big companies will likely require their vendors (you) to prove they are secure before signing a contract.

To comply, you need to prove you are actively managing risks, including:

• Incident reporting: You have to report serious threats to the authorities within 24 hours.
• Checking your supply chain: You need to make sure your vendors aren’t your weak link.
• Business continuity: You need a plan to keep operating if you get hacked.
• Asset management: You need to secure the actual devices your team uses.

How Google Workspace helps

Google Cloud operates on a shared fate model. This basically means they handle the security of the infrastructure, so you don’t have to.

• It’s safer by numbers: Studies show Google Workspace users see three times fewer security incidents than those on Microsoft 365.
• Encryption is automatic: Your data is encrypted when it’s stored, and when it moves, so you meet the cryptography rules by default.
• Disaster-ready: Google’s data centers are certified (ISO 22301) to keep running during disasters, which helps you meet the business continuity requirements.

Where Google stops, and you begin

Google secures the cloud, but NIS2 says you are responsible for cyber hygiene and asset management.

Google Workspace is great for securing your email and documents, but it doesn’t have full control over the physical MacBook or Windows laptop your employee is using. If that laptop isn’t encrypted or has a weak password, you aren’t compliant.

To fix this, we use JumpCloud. It plugs the hole between your cloud apps and your physical devices:

1. One key for everything: NIS2 requires multi-factor and continuous authentication. JumpCloud enforces this across your whole company. It gives your team one secure identity (Single Sign-On) that works for everything — their laptop, the office Wi-Fi, the VPN, and their email. It makes sure the right person is logging in every time.

2. Locking down the laptops: You can’t pass an audit if you don’t manage your computers. JumpCloud lets you force every computer (Windows, Mac, or Linux) to use screen locks and hard drive encryption. This gives you the proof auditors need that you are managing your assets.

3. Offboarding: A big risk is former employees who still have access to company data. JumpCloud automates this. When someone leaves, you click one button, and they lose access to Google, their laptop, and all your apps instantly.

How Revolgy gets you audit-ready

Technology alone doesn’t solve compliance problems; it’s about how you configure it. At Revolgy, we review your actual settings to make sure your Google Workspace is tight enough to pass an inspection.

• The Google Workspace security audit: We do a thorough audit that assesses over 100 critical security settings in your environment. We check everything from admin privileges and multi-factor authentication (MFA) status to external sharing permissions in Drive and third-party app access. You get a clear report so you know exactly what needs attention.
• Implementation: Once we know what is wrong, we fix it. We tighten up your admin accounts, secure your Google Drive, and make sure your third-party apps aren’t leaking data.
• 24/7 monitoring: NIS2 has strict deadlines. You often have to report serious hacks within 24 hours. You can’t do that if you aren’t watching. Our security management service continuously monitors your system. If something goes wrong, we spot it and help you handle it.
• Training: The law says you must train your staff. We provide security training, so your team knows how to spot phishing emails and handle data safely.

NIS2 is designed to make the digital world safer, but for a business owner, it looks like a lot of responsibility. With Google Workspace and JumpCloud, you have the right basics. With Revolgy, you have an expert to guide you through the entire process.

Not sure if NIS2 applies to you? Contact us for a free consultation, and we can help you figure out where you stand.

Read next: How Google Workspace and JumpCloud help you become ISO 27001 compliant