Argus Cloud is a purpose-built security audit platform for Google Workspace. It combines comprehensive compliance coverage, automated scanning, AI-powered analysis, and multi-tenant management into a single console. Whether you manage one domain or hundreds, Argus gives you continuous visibility into your Google Workspace security posture.
200 Security Checks Across 4 Frameworks
Argus ships with 200 auditable security checks spanning four compliance frameworks: the CIS Google Workspace Benchmark v1.3.0 (84 checks), CISA SCuBA Baselines (82 checks), the Google Security Checklist (20 checks), and 13 additional best-practice checks curated from real-world incidents and configuration drift patterns. Together, these frameworks cover every admin-configurable surface in Google Workspace, from Gmail routing rules to Chrome browser policies.
Of the 200 checks, 24 are classified as critical severity. Each critical finding includes a plain-language explanation of the business impact, such as the risk of data exfiltration through unrestricted Drive sharing or account takeover via weak authentication policies. Argus is also license-aware: checks are gated by the Google Workspace edition (Business Starter, Business Standard, Business Plus, Enterprise, etc.) so you never see false positives for features your license does not include.
Automated Scan Scheduling
Schedule security scans on a daily or weekly cadence using cron expressions. Argus runs each scan as an asynchronous background task, so your console remains fully responsive while the auditor evaluates all 200 checks against the Google Workspace Admin SDK. Each scan completes in under two minutes for a typical domain.
The console maintains a full scan history for every tenant. The overview dashboard surfaces pass rate trends over the last 90 days, making it easy to track whether configuration changes are improving or degrading your security posture. You can compare any two scan reports side by side to see exactly which checks changed status.
Interactive Dashboard
The overview page presents a real-time security score gauge alongside status distribution charts, severity breakdown bars, a service inventory summary, the latest failures, and a dedicated critical findings card. At a glance, you can see how many checks are passing, failing, or require manual verification, broken down by Google Workspace service (Gmail, Drive, Calendar, Meet, and more).
The compliance page lets you drill down into each framework and section, showing pass rates and individual check statuses. The findings page supports filtering by severity, status, service, and framework, with options for sorting, muting, and manually resolving checks. An inventory page provides visibility into stale devices, OAuth application grants, and shared drives across the organization.
AI Security Analyst
Argus includes a chat-based AI analyst backed by 13 specialized LLM tools. You can ask natural-language questions about your security posture and receive answers grounded in your actual scan data. The analyst supports three LLM providers: OpenAI, Anthropic Claude, and AWS Bedrock, giving you flexibility in model selection and data residency.
Tools available to the AI analyst include search_findings for querying your results, get_remediation_plan for step-by-step fix instructions, and get_smart_remediation, which groups related findings by theme and provides effort estimates. The compare_reports and trend_analysis tools help you understand how your posture has changed over time. Usage is capped at $5 per organization per month to keep costs predictable.
Multi-Tenant Management
Managed service providers and enterprises with multiple Google Workspace domains can manage all of them from a single Argus console. Each tenant is an isolated Google Workspace organization with its own service account credentials, scan schedule, and configuration. Tenant groups let you organize domains by business unit, client, or geography.
Per-tenant settings include scan scheduling, notification preferences, and business context fields that inform the AI analyst. For example, you can tag a tenant as a healthcare organization so the AI analyst prioritizes HIPAA-relevant findings in its remediation plans. All tenant credentials are encrypted at rest using Fernet symmetric encryption.
Integrations
Argus integrates with the tools your team already uses. Webhook integrations support Slack, Google Chat, Discord, and custom HTTP endpoints, with template-based payloads that let you include variables like tenant name, scan timestamp, and finding counts. Jira integration creates issues directly from findings, linking back to the remediation steps in the console.
For compliance archival, Argus can export scan reports to Google Cloud Storage on a recurring basis. This is particularly useful for organizations that need to retain audit evidence for regulatory or contractual obligations.
Finding Management
Every finding is classified by severity: critical, high, medium, low, or informational. Mute rules let you suppress known-acceptable findings at the section, source, or individual check level, with optional expiration dates so muted items resurface for periodic review. Checks with a MANUAL status can be resolved manually with a note explaining the compensating control.
Each finding maintains a full audit trail including status changes, comments, and mute/unmute events. This history is essential for demonstrating due diligence during compliance reviews and for tracking which team member addressed each issue.
Role-Based Access Control
Argus ships with three default roles: Admin, Auditor, and Viewer. Each role maps to a set of granular permissions including manage_tenants, manage_scans, view_findings, manage_users, and manage_billing. The organization owner automatically has all permissions and cannot be demoted.
This permission model lets you give clients read-only access to their own findings while keeping scan configuration and tenant management restricted to your internal team. Auditors can run scans and manage findings but cannot modify billing or user accounts.
Backup & Restore
Argus can back up Google Workspace data across Directory, Gmail, Drive, Calendar, Contacts, and Admin Configuration. Backup policies define what to capture, how often, and how long to retain it. A dedicated backup worker queue with controlled concurrency ensures backups do not compete with scan workloads.
Point-in-time restore lets you recover specific data from any completed backup job. Whether you need to restore a deleted user's mailbox or revert an accidental configuration change, the restore interface guides you through selecting the backup snapshot and target scope.
Security
Argus enforces mandatory multi-factor authentication (TOTP) for every user account. All stored credentials, including Google service account keys, are encrypted with Fernet symmetric encryption before being written to the database. Authentication uses JWT access and refresh tokens with short-lived access windows and automatic rotation.
New user registrations require email verification before the account becomes active. For programmatic access, Argus supports scoped API keys that can be created and revoked from the console. All API endpoints enforce organization-scoped authorization, ensuring that users can only access data belonging to their own organization.
Quick Start
Getting started with Argus Cloud takes less than five minutes:
1. Register at app.argussec.io
2. Add your GWS tenant with service account credentials
3. Run your first security scan and wait under two minutes for results
4. Review your posture in the interactive dashboard