Posts

Google Vault – What, How, and Why

Google VaultGoogle Vault is a compliant archive and e-discovery service.  Historically, Vault is an add-on for G Suite Basic and is included with G Suite Business and Enterprise.

As Google transitions to the new Google Workspace, Google includes Vault in Google all Workspace Enterprise subscriptions and Google Workspace Business Plus.  Vault is not available as an add-on for the Google Workspace Business Starter and  Standard subscriptions at this time.

To decide if you need, or want, Vault, understand the What, How, and Why.

What Google Vault Does

Vault is a compliant archive/e-discovery service for Google Workspace.  The service captures all email, documents, and chats, even if they have been deleted by the user.  As such, Vault meets federal and state regulations for legal discovery.  Vault features include:

  • Archive:
    • Inbound, outbound, and internal email messages
    • Documents
    • Internal and external chat messages
  • “Matters”:
    • Search and gather all relevant materials
    • Save searches and results
  • Legal Holds:
    • Retain relevant data regardless of retention period
    • Prevent removal of data until a “Matter” is resolved
  • Audit Trails:
    • Capture activities
    • Document searches and exports
  • Reports:
    • Export data related to a “Matter” for delivery
    • Documentation that validates data integrity

How Vault differs from Backup

While Vault and backup systems both preserve and protect data, they serve very different purposes and functions.

Vault is intended to keep, find, export, and deliver data in a way that complies with Federal and State laws for legal discovery.

Backup systems are designed to preserve and restore information that has been lost or damaged.

In Vault, you can retrieve individual items and small batches of data. Doing so, however, does not restore the data to its prior location. Nor does Vault preserve meta data, such as date last modified and permissions.

Backup systems cannot guarantee that you have preserved all of your data.  Most backups are configured to remove deleted items from backup files after set periods of time.  Backup systems also prune data into weekly and monthly snapshots, resulting in a potential loss of versions.

Why You May Need or Want Vault

The driving factor for most businesses and organizations is regulatory compliance.  A range of laws and industry regulations require businesses to maintain records, including but not limited to:

  • Sarbanes/Oxley
  • Freedom of Information / Public Records
  • SEC-17
  • FINRA
  • PCI-DSS
  • HIPAA

If you are not subject to these regulations, you may want Vault in order to maintain data for:

  • Policy enforcement
  • Contact and legal negotiations
  • Personnel matters
  • Quality control

We recommend that your Google Workspace (G Suite) subscription is protected  by a backup/recovery solution.  You may not need or want Vault.  If you do not have a regulatory need, assess the value proposition of the added business protection and cost.

Learn more about Cumulus Global’s data protection and security solutions, contact us with any questions, or schedule a complimentary Cloud Advisor appointment.

Tuesday Take-Away: Vault Extends to Drive

google-vault-icon
To give businesses even more visibility and control over employee files, Google Drive will include enhanced eDiscovery capabilities for Google Apps Vault. Retention policies and legal hold capabilities, similar to those currently available for email and chat, have been extended to cover files in Google Drive. These capabilities help you meet your legal obligations and ensure that employee files are archived and available as long as needed, even if employees delete those files from their Drive.

These new capabilities are in a limited rollout now, with full availability planned for the coming months.

Tuesday Take-Away: 6 Ways to Protect IP within Google Apps

While some remain suspect of security and privacy with cloud computing, Google Apps actually offers ways to help protect and preserve a company’s Intellectual Property (“IP”) that are not readily available in traditional, in-house systems.  Why worry about IP? Because as business becomes more electronic, your contracts, agreements, change orders, and work product are more likely to be written, reviewed, updated, and negotiated on-line. Protecting your documents, data, and information means protecting your business.

Let’s Get Technical

Google Apps’ underlying data management is Write Once; Ready Many (aka “WORM”). In other words, once information is saved in Google’s system it cannot be altered.  Unlike MS Exchange or a Windows File Server on which a Domain Administrator can alter any existing content anywhere, once data is saved in Google Apps, it cannot be modified.

Granted, you can reply to an email and modify the embedded copy of the original message. But, the original message is still saved as it was received.  Similarly, you can open a Google Doc and modify the content, but the revision history is there and you can go back to a prior versions.

The big risk to WORM is the power to delete … but we have a solution for that too.

Here are Six Ways To Protect Your IP with Google Apps:

 

1) Comments in Google Docs

Even if you switch to MS Word for your final formatting, draft your documents in Google Docs using the “Insert Comment” feature.  By keeping editing writes to yourself and giving comments only permission to your associates, you have full control of the document’s contents.  You associates — be they co-workers, a client, or opposing council — have the ability to highlight portions of the document and comment.  Whether they ask questions or suggest alternate wording, you can reply in-kind via comment as you edit the document.

Once final agreement is reached, you can “resolve” the comment.  While it disappears from view, it is part of the permanent history of the document.

Imagine two lawyers discussing and agreeing to the intent of a contract clause.  If an issue were to come up at some point in the future, any discussion of the ‘original intent’ of the clause would be cut short by the comment thread saved at the time.

2) Message Discovery (now); Google Vault (soon)

As noted above, the big risk to IP in Google Docs is deletion.  Google Message Discovery (GMD) available to all Google Apps users,  provide a secure, compliant archive of all inbound, outbound, and internal email messages with retention of up to 10 years.  The service provides search and e-discovery tools as well.

Imagine a client refusing to pay for work that was not “officially authorized”.  With GMD in place, you can produce the email thread discussing the work and providing the authorization.

Google Vault, available to new Google Apps customers now and all Google Apps users in the near future, extends the archiving ability of Google Apps in several ways.   Google Vault recognizes that you IP is not just in email and that your retention needs will vary.  Google Vault lets you:

  • Archive email, instant messages, and documents
  • Provide unlimited retention of archived information
  • Take advantage of the WORM underpinnings of Google Apps to maintain and protect your IP.

3) Google Drive and Docs

In our increasingly electronic world, more work gets done on the go.  By implementing Google Drive, your users have the ability to work locally while synchronizing and saving files automatically in Google Docs.  Beyond providing a convenient way to work — online or offline — Google Drive provides a level of protection for your IP from local hardware issues.  Combined with a backup/recovery strategy (see below), you have even better data protection.

Also, by adding additional space, you can also strategically create a secure file sharing structure where ownership of folders and files mimics traditional file server models.

4) Protected Folders

One way to protect IP is to ensure that final documents are tamper-proof and protected from deletion.  You can prevent critical documents from being editing or deleted by setting up protected folders.  These folders provide defined view permission, but will prevent users from tampering or removing critical information from within Google Docs.

CloudLock is one such service that lets you create protected folders.  In doing so, you can also determine who can add files to these folders, who can view folder content, and which administrative account manages the folders.

5) Backup / Restore

While Google Apps prevents data loss from hardware/software issues and provides version histories, Google Apps cannot prevent user mistakes or acts of malice.  Files not protected from deletion (see above) are vulnerable.  Additionally, you still need to protect against problems that can occur on any file server, such as uploading and sharing virus-infected files.

Given that in users have critical data in each of the Google Apps services, tools like Backupify offer a broad range of protection.  Backupify protects user content in email, calendar, contacts, docs, and sites.

6) Permissions Monitoring

Google Apps makes collaboration easy.  And, while you can restrict users ability to share to some extent, understanding the visibility of IP within and outside your business, and monitoring your documents for changes in exposure is an emerging best practice.

A key element of the CloudLock service are the ability to monitor changes in document permissions, the ability to change document ownership, and the emerging ability to set alerts based on keywords and business rules.

Wrap Up

When moving your data from in-house systems to Google Apps or other cloud services, you want and need to make sure that your data is at least, if not more, secure and private. Just as with in-house systems, you have tools and services available to manage and protect your intellectual property when using cloud solutions.  Google Apps provides a great foundation with an infrastructure designed to protect data with every save.  Integrated, third party tools like CloudLock and Backupify, along with new features in Google Apps itself, provide a manageable, secure, ecosystem.