What is eDiscovery for Google Workspace
by Aware
First Published Sept. 2023. Updated Mar. 2024.
Google Workspace productivity tools serve the needs of businesses of all sizes, but adoption of digital workplace tools comes with exponential growth of electronically stored information (ESI). Making Workspace data discoverable is essential to the security and compliance posture of the modern enterprise.
What is eDiscovery?
The process of collecting, preserving, and searching for information in response to litigation and internal investigations is known as eDiscovery.
This post will explore eDiscovery with Google Workspace, the challenges of performing discovery within this dataset, and how best to effectively manage eDiscovery requests in this complex Google Workspace business environment.
Contents
- What is eDiscovery?
- What is Google Workspace?
- Understanding your Google Workspace plan
- How does eDiscovery work in Google Vault?
- What are the limitations of Google Vault?
- What is the difference between Google Vault, Drive API, and Takeout?
- Why companies integrate Google with Aware
What is eDiscovery?
eDiscovery is a critical component of legal and compliance processes that enables users to search for, export, and analyze user data. These functionalities are essential for efficiently managing electronic information during legal proceedings. During eDiscovery investigations, it is important that data be closely managed using granular user access permissions and role-based controls (RBAC), and information retained under legal holds is preserved in an immutable archive that is legally defensible.
Learn more about eDiscovery in Google Drive
What is Google Workspace?
Google Workspace (formerly G Suite) is a set of apps that enable business users to work collaboratively from any location in real time. Originally launched in 2006 as Google Apps for Your Domain, Google Workspace’s productivity platform is widely used by businesses of all sizes.
Workspace’s core applications are:
- Gmail for email communications
- Google Drive for file sharing and storage
- Google Calendar for scheduling and organizing events
- Google Meet to hold virtual meetings and video conferences
Noted for its user-friendly interface, scalability, and the facilitating of effective communication and collaboration within organizational units, Google Workspace also offers robust security features, including data encryption, two-factor authentication, and advanced access controls.
Protect your digital workplace now
Understanding your Google Workspace plan
All Google Workspace plans include the core suite of apps, including Chat, Docs, Slides, and more. They also come with custom, secure business email, video meeting capabilities, and varying storage capacity. Every account also comes with standard security and user management controls. However, not all Google Workspace plans provide eDiscovery capabilities.
Google Workspace Security Features by Plan
All four of the Workspace plans—including Business Starter and Business Standard—offer security controls and user management features. It’s with the Business Plus plan that more features become available*.
Business Plus Plan
This includes all the features of the Business Standard plan, plus:
- Google Vault
- Endpoint Management
Enterprise Plan
Includes all the features of the Business Standard plan, plus:
- Google Vault
- Endpoint Management
- Data Loss Prevention
- Data Regions
*As of Dec. 2023
Case study: How a non-profit used Aware to quickly respond to legal requests
How does eDiscovery work in Google Vault?
Users of Google Business Plus or Enterprise accounts can use Google Vault, an eDiscovery tool designed to simplify workflows for Google Workspace apps. Using Google Vault, legal teams can find and export data from across Google systems and apps.
Creating a matter in Google Vault
Within Google Vault, a matter is the investigation file where you’ll organize searches, holds, and exports related to any eDiscovery requirements. Vault users can share an investigation with other Vault users as necessary.
To create a matter in Google Vault:
- Click on Matter, then click “Create”.
- At the prompt, create a name for the matter according to your company’s file naming conventions. Including a description is optional but helpful to differentiate what eDiscovery investigation the matter encompasses.
- Click “Create” to finish setting up the matter.
To search and export data in Google Vault:
- In the newly created matter, click the “Search” tab to begin your investigation.
- There will be a list of Google apps within Workspace, such as Gmail or Drive. Choose your app to direct your search.
- Choose your parameters, such as user account(s), file types, or phrases. Boolean operators and other advanced search techniques will work to help you narrow your search.
- The sidebar will show a preview to help you hone your search results.
- If you’d like to repeat your search, it can be saved to be re-run.
The “Exports” tab is where you’ll find the export function to further examine your results. Your export will include metadata for account associations.
Google Vault plays a crucial role in ensuring data integrity and security by allowing administrators to set automated data retention policies, perform searches, and place legal holds on an organization’s data as required. Additionally, Vault maintains audit reports of all behavior within the admin console. While valuable for its core functionality, Google Vault lacks certain features like advanced search capabilities and customization options, making it suitable for organizations with simpler eDiscovery needs.
What are the limitations of Google Vault?
Although Google Vault has a number of useful capabilities to support eDiscovery in Google Workspace, it does have limitations that admins should consider, especially if they are part of a highly regulated industry or manage a large Workspace with many users and lots of data. Some key limitations include:
- Lack of visibility into file history. No matter the retention rules in place, Google Vault only stores the most recent version of Workspace files, which can lead to spoliation if users edit their contents.
- Data loss from inactive user accounts. If a Google Workspace user account is deleted, corresponding information from that custodian is also removed from Vault, even with a data hold in place.
- Users can turn off Vault for Chat. In Google Chat, end users retain the ability to switch off Chat history, preventing a complete archive of conversations from being stored in Vault. While admins can force history to remain on, this excludes users in some regions from being able to access Chat.
- Few export options. Google Vault exports message content to PST or mbox file types, depending on the source of the data export. Google recommends reviewing these data types in an email client or text editor.
- Hacker and corruption vulnerabilities. Because Vault doesn’t store a separate copy of Google Workspace data, it’s vulnerable to the same risks and any data loss from the primary Workspace will carry into Google Vault.
- Limited search and export capability. Google Vault lacks features like concept searching, fuzzy matching, and clustering. In addition, Vault struggles with high-volume exports and power users may run up against usage limits.
Case study: How this global restaurant chain uses eDiscovery from Aware
What is the difference between Google Vault, Drive API, and Takeout?
Google Vault is an integrated governance and eDiscovery application for Google Workspace and has only limited capabilities with add-on apps. By contrast, Drive API enables users to create and connect their own apps to Google Drive, including bespoke and third-party eDiscovery applications. Google Takeout is a free export tool that enables users and small businesses to download their data from any Google app.
What you need to know to secure Google Drive today
Why companies integrate Google with Aware
By integrating Google with Aware, organizations can overcome the limitations of Google Vault and gain a comprehensive solution for managing eDiscovery and information governance in Google cloud. Using Drive API to connect seamlessly to Google data enables Aware to support a range of use cases, including automated DLP workflows, compliance monitoring capabilities, and federated search and discovery functionality, without impacting the end user.
Aware’s AI and machine learning models are based on proprietary, best-in-class natural language processing (NLP) capabilities designed for the unique complexities of digital collaboration data. Using Aware, admins can enhance compliance adherence, increase risk mitigation, and accelerate eDiscovery processes for Google, Slack, Microsoft Teams, Zoom and more from a single centralized platform.
Aware’s eDiscovery features include:
- One-click legal holds for an immutable archive of all data
- Full context information gathering to support investigations with all the information in one place
- Real-time data ingestion and custodian-based batch collection to reduce the time eDiscovery takes
- AI-powered search filters that reduce false positives with minimal manual intervention
- User-friendly formats and compatibilities with existing workflows
- RBAC and message visibility controls, so the datasets are correctly managed by those with proper access
Learn more about how Aware supports eDiscovery for Google Drive now.