Posts

Google Vault – What, How, and Why

Google VaultGoogle Vault is a compliant archive and e-discovery service.  Historically, Vault is an add-on for G Suite Basic and is included with G Suite Business and Enterprise.

As Google transitions to the new Google Workspace, Google includes Vault in Google all Workspace Enterprise subscriptions and Google Workspace Business Plus.  Vault is not available as an add-on for the Google Workspace Business Starter and  Standard subscriptions at this time.

To decide if you need, or want, Vault, understand the What, How, and Why.

What Google Vault Does

Vault is a compliant archive/e-discovery service for Google Workspace.  The service captures all email, documents, and chats, even if they have been deleted by the user.  As such, Vault meets federal and state regulations for legal discovery.  Vault features include:

  • Archive:
    • Inbound, outbound, and internal email messages
    • Documents
    • Internal and external chat messages
  • “Matters”:
    • Search and gather all relevant materials
    • Save searches and results
  • Legal Holds:
    • Retain relevant data regardless of retention period
    • Prevent removal of data until a “Matter” is resolved
  • Audit Trails:
    • Capture activities
    • Document searches and exports
  • Reports:
    • Export data related to a “Matter” for delivery
    • Documentation that validates data integrity

How Vault differs from Backup

While Vault and backup systems both preserve and protect data, they serve very different purposes and functions.

Vault is intended to keep, find, export, and deliver data in a way that complies with Federal and State laws for legal discovery.

Backup systems are designed to preserve and restore information that has been lost or damaged.

In Vault, you can retrieve individual items and small batches of data. Doing so, however, does not restore the data to its prior location. Nor does Vault preserve meta data, such as date last modified and permissions.

Backup systems cannot guarantee that you have preserved all of your data.  Most backups are configured to remove deleted items from backup files after set periods of time.  Backup systems also prune data into weekly and monthly snapshots, resulting in a potential loss of versions.

Why You May Need or Want Vault

The driving factor for most businesses and organizations is regulatory compliance.  A range of laws and industry regulations require businesses to maintain records, including but not limited to:

  • Sarbanes/Oxley
  • Freedom of Information / Public Records
  • SEC-17
  • FINRA
  • PCI-DSS
  • HIPAA

If you are not subject to these regulations, you may want Vault in order to maintain data for:

  • Policy enforcement
  • Contact and legal negotiations
  • Personnel matters
  • Quality control

We recommend that your Google Workspace (G Suite) subscription is protected  by a backup/recovery solution.  You may not need or want Vault.  If you do not have a regulatory need, assess the value proposition of the added business protection and cost.

Learn more about Cumulus Global’s data protection and security solutions, contact us with any questions, or schedule a complimentary Cloud Advisor appointment.

Beyond Restore: Use Cases for Google Apps Backup

Backup Man

As we have noted several times in prior posts and webcasts, Google’s internal backup systems are designed to protect you should Google have hardware or software issues. You, however, are responsible for protecting your data in Google Apps from user deletions, user overwrites, malware, hackers, and other risks.

We have identified several use cases for backup/recovery in Google Apps that you cannot do from the Admin console.

A good Google Apps backup solution does more than restore

Preserve Data From Past Employees

  • If you want to preserve data from past employees, and need more than emails, your only option is to continue paying for the suspended Google Apps accounts.
  • With the ability to restore data to others, you can keep the backup as an archive and delete the Google Apps accounts.
  • An added benefit: the cost is less than 1/2 of a Google Apps for Work license and less than 1/4 of a Google Apps Unlimited license.

Transfer Data to New Owners

  • While you can transfer document ownership though the Admin Console and ownership of Sites data through APIs, these transfers are “all or nothing” and are destructive (they remove the data from the original account).
  • With the ability to restore data selectively and to others, you can transfer specific files, folders, sites data, emails, etc. to different people as needed.
  • An added benefit: You can transfer data between employees as they change positions and responsibilities.

Archive Documents (and other data)

  • While Google Apps Vault has eDiscovery searches for Gmail and Drive, Vault only archives Gmail.
  • A third party backup solution can preserve and archive documents, as well as email, calendars, contacts, and sites data in support of your document retention policies or regulations.
  • While a user can still delete a document and empty it from Trash before the backup, most users are unaware of the steps to take. With multiple backups per day, you are protected from losses other than those of a determined malicious actor.

Escape Hatch

  • As a “best-practice”, backups should not be stored in the systems being backed up without altering the format or content.
  • The right backup solution keeps your data in a separate location/service and restores data in its original format.
  • An added benefit: With an export feature, your backups become an easier way to extract data from Google Apps.

 

We offer multiple backup solutions for Google Apps, click here to learn more about our preferred solution.


 

Return of the Message Center and More


As Google continues to migrate Google Message Security and Message Discovery customers from the old Postini infrastructure, our clients have been concerned about functional and performance equivalency.   While filters and settings have been comparable for a while, and Google had previously added the quarantine notification, Google today announced the new Message Center.

Specifically for users that forward some or all of their email to on-premise servers or other email services, the Message Center lets users and administrators:

  • View and search 30 days of clean/spam mail
  • Mark single or multiple messages as spam or not spam
  • Deliver messages that are not spam to the on-premise mailbox
  • Add and remove contacts for whitelisting purposes
  • Bookmark URLs for searches and individual messages

This expanded functionality coincides with a series of upgrades to the SMTP relay service in Google Apps.   These updates help administrators in several ways:

  • Multiple authentication configurations: Admins can now configure multiple sets of authentication rules. For instance, you can specify that messages sent from one IP address are always allowed, messages from another IP address are only allowed if encrypted with TLS, and messages from another IP address range require SMTP AUTH.
  • SMTP AUTH: This newly supported authentication method uses Google “application-specific passwords” to allow admins to configure clients to authenticate to the relay service. This feature is available for registered Google Apps users only.
  • IP range description field: To manage IP addresses more efficiently, admins can enter descriptions in text fields for each IP address or range that you use to set authentication rules.
  • Selective enable/disable of IP ranges: Admins can selectively enable/disable IP ranges approved for relay as needed
  • Increased rate-limits for certain customers: In special circumstances, admins may increase the rate limits of 2,000 emails/user/day and 2,000 recipients/user/day by calling customer support. Requests need justification and are reviewed on a case-by-case basis.

With these enhancements, Google continues to increase the robustness of the Google Apps Platform, and reduces the need for most GMS and GMD customers to move to other spam, virus, and archiving solutions.

 

 

 

Iron Mountain Customers Stranded in the Wild?

In an interesting turn of events, Iron Mountain announced it was getting out of the digital records management business.  Selling its business lines to Autonomy, a European technology services firm, Iron Mountain returns to its roots as an efficient off-site records management firm.

Never profitable for the company, Iron Mountain Digital, always seemed like a sideline business for the firm.  While those working in the unit were dedicated professionals, their pricing, offerings, and technology did not always stand up well to the competition.  And, the company was never able to convey an integrated approach to hard copy and electronic records management.

The sales leaves current Iron Mountain customers somewhat stranded.  While Autonomy will no doubt continue operations for a period of time, one must expect that at some point in the future customers will be asked, encouraged, or forced to migrate over to Autonomy’s systems and solutions.   Also unclear is what will happen to local support.

Fortunately, customers can take the initiative and explore their options.   With minimal overlap of services, customers can migrate to other online backup solutions that offer more features at a lower cost.

Companies interested in learning more can click here for a no-obligation assessment of their backup/recovery and archive requirements.