For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance

For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →


Connect Aware to the tools you already use to have all your company messaging in one place.

Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications


Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →


Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →

What's in your data?

Calculate my results →


About Aware

Our leadership, our company


Explore open roles with our remote-friendly, global team


Driving customer value, together

Press Releases

Digital workplace news and insights


How Aware customers streamline operations, reduce risk, and boost productivity


Data security partners & certifications


Get in touch with us


10 Reasons Why Aware is a Top Place to Work

Learn more →


Access reports, webinars, checklists and more.

Explore →


Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →

What is eDiscovery for Google Workspace

by Aware

First Published Sept. 2023. Updated Mar. 2024.

Google Workspace productivity tools serve the needs of businesses of all sizes, but adoption of digital workplace tools comes with exponential growth of electronically stored information (ESI). Making Workspace data discoverable is essential to the security and compliance posture of the modern enterprise.


This post will explore eDiscovery with Google Workspace, the challenges of performing discovery within this dataset, and how best to effectively manage eDiscovery requests in this complex Google Workspace business environment.


What is eDiscovery?

eDiscovery is a critical component of legal and compliance processes that enables users to search for, export, and analyze user data. These functionalities are essential for efficiently managing electronic information during legal proceedings. During eDiscovery investigations, it is important that data be closely managed using granular user access permissions and role-based controls (RBAC), and information retained under legal holds is preserved in an immutable archive that is legally defensible.

The Ultimate Guide to eDiscovery in Google Drive

Learn more about eDiscovery in Google Drive

What is Google Workspace?

Google Workspace (formerly G Suite) is a set of apps that enable business users to work collaboratively from any location in real time. Originally launched in 2006 as Google Apps for Your Domain, Google Workspace’s productivity platform is widely used by businesses of all sizes. 

Workspace’s core applications are:

  • Gmail for email communications
  • Google Drive for file sharing and storage
  • Google Calendar for scheduling and organizing events
  • Google Meet to hold virtual meetings and video conferences

Noted for its user-friendly interface, scalability, and the facilitating of effective communication and collaboration within organizational units, Google Workspace also offers robust security features, including data encryption, two-factor authentication, and advanced access controls.

Aware-InfoGov-Checklist-OGsocial (2)

Protect your digital workplace now

Understanding your Google Workspace plan

All Google Workspace plans include the core suite of apps, including Chat, Docs, Slides, and more. They also come with custom, secure business email, video meeting capabilities, and varying storage capacity. Every account also comes with standard security and user management controls. However, not all Google Workspace plans provide eDiscovery capabilities.

Google Workspace Security Features by Plan

All four of the Workspace plans—including Business Starter and Business Standard—offer security controls and user management features. It’s with the Business Plus plan that more features become available*.

Business Plus Plan

This includes all the features of the Business Standard plan, plus:

  • Google Vault
  • Endpoint Management

Enterprise Plan

Includes all the features of the Business Standard plan, plus:

  • Google Vault
  • Endpoint Management
  • Data Loss Prevention
  • Data Regions

*As of Dec. 2023


Case study: How a non-profit used Aware to quickly respond to legal requests

How does eDiscovery work in Google Vault?

Users of Google Business Plus or Enterprise accounts can use Google Vault, an eDiscovery tool designed to simplify workflows for Google Workspace apps. Using Google Vault, legal teams can find and export data from across Google systems and apps.

Creating a matter in Google Vault

Within Google Vault, a matter is the investigation file where you’ll organize searches, holds, and exports related to any eDiscovery requirements. Vault users can share an investigation with other Vault users as necessary.

To create a matter in Google Vault:

  • Click on Matter, then click “Create”.
  • At the prompt, create a name for the matter according to your company’s file naming conventions. Including a description is optional but helpful to differentiate what eDiscovery investigation the matter encompasses.
  • Click “Create” to finish setting up the matter.

To search and export data in Google Vault:

  • In the newly created matter, click the “Search” tab to begin your investigation.
  • There will be a list of Google apps within Workspace, such as Gmail or Drive. Choose your app to direct your search.
  • Choose your parameters, such as user account(s), file types, or phrases. Boolean operators and other advanced search techniques will work to help you narrow your search.
  • The sidebar will show a preview to help you hone your search results.
  • If you’d like to repeat your search, it can be saved to be re-run.

The “Exports” tab is where you’ll find the export function to further examine your results. Your export will include metadata for account associations. 

Google Vault plays a crucial role in ensuring data integrity and security by allowing administrators to set automated data retention policies, perform searches, and place legal holds on an organization’s data as required. Additionally, Vault maintains audit reports of all behavior within the admin console. While valuable for its core functionality, Google Vault lacks certain features like advanced search capabilities and customization options, making it suitable for organizations with simpler eDiscovery needs.

What are the limitations of Google Vault?

Although Google Vault has a number of useful capabilities to support eDiscovery in Google Workspace, it does have limitations that admins should consider, especially if they are part of a highly regulated industry or manage a large Workspace with many users and lots of data. Some key limitations include:

  • Lack of visibility into file history. No matter the retention rules in place, Google Vault only stores the most recent version of Workspace files, which can lead to spoliation if users edit their contents.
  • Data loss from inactive user accounts. If a Google Workspace user account is deleted, corresponding information from that custodian is also removed from Vault, even with a data hold in place.
  • Users can turn off Vault for Chat. In Google Chat, end users retain the ability to switch off Chat history, preventing a complete archive of conversations from being stored in Vault. While admins can force history to remain on, this excludes users in some regions from being able to access Chat.
  • Few export options. Google Vault exports message content to PST or mbox file types, depending on the source of the data export. Google recommends reviewing these data types in an email client or text editor.
  • Hacker and corruption vulnerabilities. Because Vault doesn’t store a separate copy of Google Workspace data, it’s vulnerable to the same risks and any data loss from the primary Workspace will carry into Google Vault.
  • Limited search and export capability. Google Vault lacks features like concept searching, fuzzy matching, and clustering. In addition, Vault struggles with high-volume exports and power users may run up against usage limits.

Case study: How this global restaurant chain uses eDiscovery from Aware

What is the difference between Google Vault, Drive API, and Takeout?

Google Vault is an integrated governance and eDiscovery application for Google Workspace and has only limited capabilities with add-on apps. By contrast, Drive API enables users to create and connect their own apps to Google Drive, including bespoke and third-party eDiscovery applications. Google Takeout is a free export tool that enables users and small businesses to download their data from any Google app.

Is Google Drive Secure

What you need to know to secure Google Drive today

Why companies integrate Google with Aware

By integrating Google with Aware, organizations can overcome the limitations of Google Vault and gain a comprehensive solution for managing eDiscovery and information governance in Google cloud. Using Drive API to connect seamlessly to Google data enables Aware to support a range of use cases, including automated DLP workflows, compliance monitoring capabilities, and federated search and discovery functionality, without impacting the end user.

Aware’s AI and machine learning models are based on proprietary, best-in-class natural language processing (NLP) capabilities designed for the unique complexities of digital collaboration data. Using Aware, admins can enhance compliance adherence, increase risk mitigation, and accelerate eDiscovery processes for Google, Slack, Microsoft Teams, Zoom and more from a single centralized platform.

Aware’s eDiscovery features include:

  • One-click legal holds for an immutable archive of all data
  • Full context information gathering to support investigations with all the information in one place
  • Real-time data ingestion and custodian-based batch collection to reduce the time eDiscovery takes
  • AI-powered search filters that reduce false positives with minimal manual intervention
  • User-friendly formats and compatibilities with existing workflows
  • RBAC and message visibility controls, so the datasets are correctly managed by those with proper access

Learn more about how Aware supports eDiscovery for Google Drive now.


Secure your Google environment today

Topics:Google Drive SecurityeDiscovery