Redgate strengthens Microsoft 365 governance for safe AI adoption with Syskit Point
Customer
Founded in 1999 and headquartered in Cambridge, UK, Redgate Software provides Database DevOps solutions for SQL Server, PostgreSQL, MySQL and Oracle.
With offices in the USA, Germany and Australia, the company develops industry-standard tools to help over 200,000 data professionals streamline software development and monitor database performance.
Over time, Redgate’s Microsoft 365 environment had grown organically across SharePoint, OneDrive, and Microsoft 365 groups. As the business scaled, so did the complexity of managing content, permissions, and access across the estate.
That made Microsoft 365 governance a growing priority for the Infrastructure and Security team.
What had once been a background risk became more urgent as Redgate worked through ISO27001-driven security priorities and prepared the organization for broader AI adoption.
Damon Witherick, Director of Infrastructure & Operations, Redgate Software
SharePoint governance had been on our radar for a while, but with AI, it became something we couldn’t ignore anymore.
Damon Witherick, Director of Infrastructure & Operations, Redgate SoftwareChallenges
Redgate’s SharePoint environment had grown over more than a decade, evolving alongside the business without a consistent governance model. What started as simple file sharing had become a complex mix of SharePoint sites, OneDrive usage, Microsoft 365 groups, and layered permissions.
By the time the security team turned its attention to the problem, the challenge wasn’t just scale – it was visibility. Redgate knew there was risk in the environment but lacked a practical way to understand or reduce it without disrupting the business.
At the same time, external pressures were increasing. ISO27001 security requirements meant the team needed to demonstrate control over access to sensitive data, while growing interest in AI made existing permission risks more visible, and more urgent.
“We knew SharePoint permissions were a problem, but we didn’t have a practical way to understand it at scale. With the size of our environment, you can’t manually review who has access to what, it’s just not tractable. At the same time, we needed to be able to demonstrate control from a security and compliance perspective. It wasn’t just about knowing there was risk, it was about being able to do something about it in a meaningful way.” Rob Chipperfield, Security Manager, Redgate
Limited visibility across a complex estate
With around 17 TB of data and 600 users, Redgate’s Microsoft 365 environment had reached a point where permissions could no longer be reviewed or governed manually.
Access had been granted and modified over years, often at the file level, creating a fragmented and difficult-to-understand permissions model. Security teams could not easily answer a fundamental question: who has access to what, and should they?
“We had limited visibility over the estate as a whole.” Rob Chipperfield, Security Manager, Redgate
Without that visibility, governance became reactive. Issues were only addressed when surfaced through tickets or incidents, rather than proactively managed.
Sensitive information “hidden in plain sight”
Redgate’s concern wasn’t just complexity, it was exposure. Sensitive information existed across the environment, and, in many cases, access controls had drifted over time.
The risk was not always immediately visible to end users. In practice, this meant that employees could potentially access content they did not need – or should not have access to – without realizing it.
As AI adoption became a priority, this risk became harder to ignore. AI tools don’t create new permissions, but they make existing access far easier to surface. Content that previously required effort to find could now appear instantly.
“AI doesn’t grant access to the data itself, but can leverage existing access to surface sensitive data inappropriately.” Rob Chipperfield, Security Manager, Redgate
What had once been a background governance issue was now a blocker to safe AI adoption.
A high-risk problem that was difficult to fix safely
Even where risks were understood, remediation was not straightforward.
Large SharePoint sites contained terabytes of data used by hundreds of employees. Fixing permissions or restructuring content risked breaking links, disrupting workflows, and creating friction across the organization. At Redgate’s scale, even a small margin of error could impact dozens of users. That meant any action needed to be highly controlled and low risk.
This created a tension: doing nothing meant accepting growing risk, but moving too aggressively risked operational disruption. Redgate needed a way to reduce exposure without breaking the business.
Solution
Addressing the complexity
To address the growing complexity and risk in its Microsoft 365 environment, Redgate implemented Syskit Point as a governance layer on top of SharePoint and OneDrive. Rather than attempting to fix everything at once, the team adopted a phased approach focused on visibility first, then safe remediation, and finally long-term ownership.
The rollout followed four stages:
- Audit the environment
- Reduce obvious and high-risk exposure
- Remediate permissions
- Enable ongoing governance and AI readiness
This approach allowed Redgate to tackle a complex, high-risk problem in a controlled and practical way.
The first priority was solving the visibility gap. Syskit Point gave Redgate a centralized view of permissions, access patterns, and sharing across its Microsoft 365 environment. For the first time, the team could begin to answer critical questions around who had access to what, and where risk existed.
This was a key shift. Instead of relying on reactive tickets or manual investigation, the team could proactively identify high-risk areas and prioritize action.
Reducing risk with safe, high-impact actions
With visibility in place, Redgate focused on the safest and most impactful cleanup actions first. Using Syskit Point, the team removed 2,000 expired sharing links and identified 3,000 inactive guest users. These were changes that delivered immediate risk reduction without disrupting business operations.
Where additional validation was needed, Syskit Point data was combined with Redgate’s wider security tooling to ensure changes could be made safely at scale. This approach helped the team avoid the common trap of overcorrecting too quickly, reducing exposure while maintaining user trust.
At the same time, these improvements supported Redgate’s ISO27001-aligned security program. The team needed to demonstrate clear control over access to sensitive data across its Microsoft 365 environment, something that had previously been difficult to evidence. By moving from fragmented, manual processes to a more centralized and auditable approach, Redgate is now better positioned to prove governance controls and reduce compliance risk.
AI has made it much more important to understand your permissions model. It doesn’t create new access, but it does make it much easier for people to surface information they already have access to. Syskit Point is helping us get to a place where we’re comfortable with that, where we understand the risk and can start reducing it in a structured way.
Rob Chipperfield, Security Manager, Redgate
Delegating governance to the right owners
A key goal for Redgate was to move away from centralized IT oversight alone and toward a model where content owners are responsible for their own data and permissions. Syskit Point enabled this by providing automated delegation of structured, guided tasks to workspace owners, so less tech-savvy users know how and what needs to be fixed in their sites to clean up risky access and prevent data leakage.
Before rolling out broadly, the security team used the platform to clean up the most obvious issues, ensuring that future reviews would be realistic and actionable for site owners. Instead of asking users to review thousands of permissions, Redgate is preparing to give them focused, meaningful tasks, increasing the likelihood of engagement and long-term adoption.
Enabling safer AI adoption
While governance had been on the roadmap, AI made it a priority. Redgate recognized that without control over SharePoint permissions, AI adoption would increase the likelihood of sensitive data being surfaced unintentionally. Syskit Point became a foundational step in addressing that risk.
By improving visibility and reducing overexposed access, Redgate is creating the conditions needed to roll out AI capabilities more confidently.
“Syskit is the pre-requisite for safe AI adoption at Redgate.” Damon Witherick, Director of Infrastructure & Operations, Redgate Software
Unexpected value through storage savings
Storage savings were not part of the original business case, but they became an important secondary benefit. Syskit Point helped Redgate identify around 4 TB of potential storage savings, worth an estimated $10,000 annually.
That made the investment easier to justify internally while reinforcing the value of getting the environment under control.
Why Redgate chose Syskit Point
Syskit stood out for its depth in SharePoint permissions management and its ability to complement the existing Microsoft 365 environment. This allowed Redgate to introduce governance incrementally, without forcing a complete change in how teams worked.
The self-hosted deployment option was also a key factor. It simplified internal risk and legal discussions by ensuring that Redgate retained full control over its data.
“Point was a tool that did the thing that we needed well, without trying to do the whole world, and ending up mediocre.” Rob Chipperfield, Security Manager, Redgate
Results
Redgate is still early in its journey with Syskit Point, but the impact is already clear: what was once a difficult-to-manage, high-risk environment is now a structured and actionable governance program.
Before Syskit Point, SharePoint permissions were a known issue but hard to address at scale. Today, Redgate has visibility into its environment, early cleanup wins, and a clear path to ongoing governance.
Just as importantly, the team has shifted from reactive firefighting to proactive risk reduction, laying the groundwork for safer AI adoption.
“If it does what we hope it will do, then [the investment] to knock something that’s reasonably high up our risk register somewhat down that risk register…that’s worth it.” Rob Chipperfield, Security Manager, Redgate
-
1.4 TB of potential storage savings identified
Redgate uncovered significant unnecessary storage, creating an estimated annual saving of around $10,000 and helping offset the cost of the investment.
-
2.2,000 expired sharing links removed
The team eliminated expired links across the environment, reducing unnecessary external access risk with a safe, high-impact action.
-
3.3,000 inactive guest users identified for remediation
Syskit Point surfaced stale external access, allowing Redgate to begin a structured and validated cleanup process.
-
4.Improved visibility across a 17 TB SharePoint environment
Redgate now has a clearer understanding of permissions and access across its Microsoft 365 estate, enabling more informed decision-making.
-
5.A scalable governance model established
Instead of relying on security to manage everything centrally, Redgate is building a model where site owners take responsibility for their own content, supported by better tooling and visibility.
-
6.A safer foundation for AI adoption
By addressing underlying permission risks, Redgate has positioned itself to roll out AI capabilities with greater confidence and control.