What is eDiscovery for Google Workspace
Streamline eDiscovery in Google Workspace with our AI-powered tools.
Key Points
- This blog was originally posted on the Aware website, but with the acquisition of Aware by Mimecast, we are ensuring it is also available to visitors to the Mimecast website.
- Simplify Legal Processes - Streamline real-time data collection, legal holds, and advanced search within Google Workspace
- Overcome Vault Limitations - Address data loss, limited search, and export challenges with Aware’s compliance tools.
Google Workspace productivity tools serve the needs of businesses of all sizes, but adoption of digital workplace tools comes with exponential growth of electronically stored information (ESI). Making Workspace data discoverable is essential to the security and compliance posture of the modern enterprise.
This post will explore eDiscovery with Google Workspace, the challenges of performing discovery within this dataset, and how best to effectively manage eDiscovery requests in this complex Google Workspace business environment.
eDiscovery Definition
eDiscovery is a critical component of legal and compliance processes that enables users to search for, export, and analyze user data. These functionalities are essential for efficiently managing electronic information during legal proceedings. During eDiscovery investigations, it is important that data be closely managed using granular user access permissions and role-based controls (RBAC), and information retained under legal holds is preserved in an immutable archive that is legally defensible.
What is Google Workspace?
Google Workspace (formerly G Suite) is a set of apps that enable business users to work collaboratively from any location in real time. Originally launched in 2006 as Google Apps for Your Domain, Google Workspace’s productivity platform is widely used by businesses of all sizes.
Workspace’s core applications are:
- Gmail for email communications
- Google Drive for file sharing and storage
- Google Calendar for scheduling and organizing events
- Google Meet to hold virtual meetings and video conferences
Noted for its user-friendly interface, scalability, and the facilitating of effective communication and collaboration within organizational units, Google Workspace also offers robust security features, including data encryption, two-factor authentication, and advanced access controls.
Understanding your Google Workspace plan
All Google Workspace plans include the core suite of apps, including Chat, Docs, Slides, and more. They also come with custom, secure business email, video meeting capabilities, and varying storage capacity. Every account also comes with standard security and user management controls. However, not all Google Workspace plans provide eDiscovery capabilities.
Google Workspace Security Features by Plan
All four of the Workspace plans—including Business Starter and Business Standard—offer security controls and user management features. It’s with the Business Plus plan that more features become available*.
Business Plus Plan
This includes all the features of the Business Standard plan, plus:
- Google Vault
- Endpoint Management
Enterprise Plan
Includes all the features of the Business Standard plan, plus:
- Google Vault
- Endpoint Management
- Data Loss Prevention
- Data Regions
*As of Dec. 2023
How does eDiscovery work in Google Vault?
Users of Google Business Plus or Enterprise accounts can use Google Vault, an eDiscovery tool designed to simplify workflows for Google Workspace apps. Using Google Vault, legal teams can find and export data from across Google systems and apps.
Creating a matter in Google Vault
Within Google Vault, a matter is the investigation file where you’ll organize searches, holds, and exports related to any eDiscovery requirements. Vault users can share an investigation with other Vault users as necessary.
To create a matter in Google Vault:
- Click on Matter, then click “Create”.
- At the prompt, create a name for the matter according to your company’s file naming conventions. Including a description is optional but helpful to differentiate what eDiscovery investigation the matter encompasses.
- Click “Create” to finish setting up the matter.
To search and export data in Google Vault:
- In the newly created matter, click the “Search” tab to begin your investigation.
- There will be a list of Google apps within Workspace, such as Gmail or Drive. Choose your app to direct your search.
- Choose your parameters, such as user account(s), file types, or phrases. Boolean operators and other advanced search techniques will work to help you narrow your search.
- The sidebar will show a preview to help you hone your search results.
- If you’d like to repeat your search, it can be saved to be re-run.
The “Exports” tab is where you’ll find the export function to further examine your results. Your export will include metadata for account associations.
Google Vault plays a crucial role in ensuring data integrity and security by allowing administrators to set automated data retention policies, perform searches, and place legal holds on an organization’s data as required. Additionally, Vault maintains audit reports of all behavior within the admin console. While valuable for its core functionality, Google Vault lacks certain features like advanced search capabilities and customization options, making it suitable for organizations with simpler eDiscovery needs.
What are the limitations of Google Vault?
Although Google Vault has a number of useful capabilities to support eDiscovery in Google Workspace, it does have limitations that admins should consider, especially if they are part of a highly regulated industry or manage a large Workspace with many users and lots of data. Some key limitations include:
- Lack of visibility into file history. No matter the retention rules in place, Google Vault only stores the most recent version of Workspace files, which can lead to spoliation if users edit their contents.
- Data loss from inactive user accounts. If a Google Workspace user account is deleted, corresponding information from that custodian is also removed from Vault, even with a data hold in place.
- Users can turn off Vault for Chat. In Google Chat, end users retain the ability to switch off Chat history, preventing a complete archive of conversations from being stored in Vault. While admins can force history to remain on, this excludes users in some regions from being able to access Chat.
- Few export options. Google Vault exports message content to PST or mbox file types, depending on the source of the data export. Google recommends reviewing these data types in an email client or text editor.
- Hacker and corruption vulnerabilities. Because Vault doesn’t store a separate copy of Google Workspace data, it’s vulnerable to the same risks and any data loss from the primary Workspace will carry into Google Vault.
- Limited search and export capability. Google Vault lacks features like concept searching, fuzzy matching, and clustering. In addition, Vault struggles with high-volume exports and power users may run up against usage limits.
Why companies integrate Google with Mimecast
By integrating Google with Aware, organizations can overcome the limitations of Google Vault and gain a comprehensive solution for managing eDiscovery and information governance in Google cloud. Using Drive API to connect seamlessly to Google data enables Aware to support a range of use cases, including automated DLP workflows, compliance monitoring capabilities, and federated search and discovery functionality, without impacting the end user.
Aware’s AI and machine learning models are based on proprietary, best-in-class natural language processing (NLP) capabilities designed for the unique complexities of digital collaboration data. Using Aware, admins can enhance compliance adherence, increase risk mitigation, and accelerate eDiscovery processes for Google, Slack, Microsoft Teams, Zoom and more from a single centralized platform.
Mimecast's eDiscovery features include:
- One-click legal holds for an immutable archive of all data
- Full context information gathering to support investigations with all the information in one place
- Real-time data ingestion and custodian-based batch collection to reduce the time eDiscovery takes
- AI-powered search filters that reduce false positives with minimal manual intervention
- User-friendly formats and compatibilities with existing workflows
- RBAC and message visibility controls, so the datasets are correctly managed by those with proper access
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!