For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance

For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →


Connect Aware to the tools you already use to have all your company messaging in one place.

Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications


Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →


Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →

What's in your data?

Calculate my results →


About Aware

Our leadership, our company


Explore open roles with our remote-friendly, global team


Driving customer value, together

Press Releases

Digital workplace news and insights


How Aware customers streamline operations, reduce risk, and boost productivity


Data security partners & certifications


Get in touch with us


10 Reasons Why Aware is a Top Place to Work

Learn more →


Access reports, webinars, checklists and more.

Explore →


Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →

Google Workspace Monitoring—How It Works

by Aware

Google Workspace is one of the most widely used cloud-based productivity and collaboration tools. It offers the flexibility and communication-sharing features companies of all sizes need to keep up with the speed of today’s business. With its host of apps, including Gmail, Meet, Drive, Calendar, Cloud Identity Management, Apps Script, and more, monitoring Google Workspace for security purposes and data protection can be a challenge.

In this post, we explore why businesses need to monitor Google Workspace, what features are currently available, and how to set up successful Workspace monitoring to protect your organization’s data.


What is Google Workspace monitoring?

Google Workspace monitoring is the process of observing how employees use the Workspace instance. Workspace monitoring can fulfill multiple purposes, from enhancing security posture to optimizing resources. Every organization that uses Google Workspace should understand how their workforce is using it. Google Workspace monitoring activities include:

  • Monitoring login security and file sharing and ensuring administrative activities like user creation and deletion make sense from a data security perspective.
  • Reviewing audit logs, which provide a record of user and admin actions across Workspace, for compliance with data privacy regulations and internal policies.
  • Analyzing API performance metrics that show how employees use Google Workspace—for example, if usage trends show under or over-utilization of an application—to help pinpoint efficiency gaps and application availability.

These types of monitoring can ensure compliance with regulations and prove that an organization’s productivity needs are being met with Workspace.

Aware-IT LeadersGuide-ComplianceLegal-ResourceImg-2

Free Guide: What IT leaders need to know about compliance, legal, & infosec in collaboration

Why is Google Workspace monitoring essential?

Google Workspace admins should understand where their risks lie in relation to potential threat activity, data security, and workflow integrity. Monitoring their Google Workspace instance can provide necessary visibility so businesses can safeguard their critical data and productivity tools.

One of Google Workspace’s biggest assets is the ease of sharing between its collaboration apps, but this introduces risks to data security. Monitoring user access to files minimizes unauthorized viewing and sharing. Tracking changes made in files also preserves data integrity against accidental or malicious modifications.

Another advantage of Google Workspace is account and cloud security built into the platform. Infosec leaders can detect suspicious login events, account changes, or other forms of unauthorized access, while 2-step verification secures Google accounts against attempted breaches.

Balancing security with functionality is a real concern, as is providing the right role-based access controls (RBAC) for proper user account integrity. Comprehensive audit logs can illustrate business processes while also providing evidence for investigations and compliance without impeding everyday workflows.

Learn more about Aware for Google Drive

What monitoring features are available in Google Workspace?

Google Workspace services are covered by several helpful monitoring features. Some of the key capabilities offered include:

  • Reports and dashboards—Offer a range of metrics that cover most analysis needs, including usage statistics for the Google Workspace products, basic security metrics, the risk of data breach, and so much more.
  • Audit logs—Record user and admin activities across the Workspace ecosystem to monitor the creation/deletion of users, settings changes, suspicious behavior, login attempts, Drive file sharing, and more. Logs can be filtered for audits and investigations.
  • Monitoring metrics and alerts—Google Cloud automatically collects and stores metrics related to the Workplace API performance, traffic, errors, and latency. Admins can filter these metrics accordingly to understand app health. Alerts can also be set up to notify users of events like suspicious activity, service settings changes, or other security concerns.
  • Third-party integrations—Google Workspace logs can be integrated with third-party tools for centralized dashboard management, advanced analytics, granular customized detections, and real-time alerting.

Security and IT admins can leverage Google Workspace’s monitoring capabilities for visibility into their workforce’s activities, to identify potential risks, to ensure regulatory compliance, and to take proactive measures to secure their data and applications.


Free Download: A quick checklist for collaboration security

How do I monitor Google Workspace?

To begin monitoring in Google Workspace, sign in to the Google Admin console using an administrator account. From there, you’ll be presented with a Main Menu.

How to navigate Google Workspace Reports

Click “Reports” under the Main Menu. The Reports section is divided into five sections:

  • Highlights—trends and key metrics, including service usage, storage, sharing activity, and basic security.
  • Apps—usage statistics and charts for Gmail, Drive, Meet, and other Google Workspace applications. You can drill down further for account status, app usage, and security reports by user.
  • Audit Logs—user and admin activities across Workspace apps, which can be filtered by criteria like user, date range, event type, etc.
  • Security Reports—metrics on exposure to data breaches, two-factor authentication adoption rates, third-party apps, and other security concerns.
  • Custom Reports—generate custom reports for Google products, report type, filters, and date range.

Reports can also be accessed via the search bar at the top of the Reports section. Your Google plan and administrative privileges may determine which reports you’re allowed to access.

How to access audit logs in Google Workspace

In the Admin console, navigate again to the Reports section and click “Audit” to gain access to the audit logs.

Within this section, you can view and search the audit log events of all user activities across Google Workspace G suite apps. Various filters can help narrow the information in the logs.

You may also access service-specific audit logs directly from their respective sections in the Admin console. Google Vault audit logs can be reached through the “Vault reports” and “Matter audits” links for those with proper access and the right Google Workspace plan. Device audit logs may also be found in the “Security” section.

How to create email alerts for major administrative changes to Google Workspace

In the Google Workspace Admin console, under the Reports section, click on “Alerts.”

  • Click on “Create Alert” to set up a new alert rule.
  • Under “Alert Type,” select “Admin Activity Alert” to monitor administrative actions.
  • In the “Alert Conditions” section, choose specific administrative activities for which you’d like to be alerted. These may include:
    • User account changes (create, delete, suspend, etc.)
    • Group changes (create, delete, update members)
    • Domain settings changes
    • Mobile device management changes
    • Other alerts personalized to your organization
    • Filters such as user, IP address range, or other criteria
  • In the “Alert Delivery” section, select “Email” and enter the email address where you’d like to receive the alerts.
  • Configure the alert frequency settings as needed (real-time, daily digest, etc.)
  • Review the alert details and click “Save” to create the alert rule.

You will begin receiving email notifications as soon as the specified actions occur in your Workspace ecosystem. Email alerts allow your organization to stay informed about critical administrative changes and maintain visibility of the Google Workspace environment.


Webinar: Legal & IT experts weigh in on how to control risk in collaboration data

Does Google Workspace have monitoring limitations?

Google Workspace’s monitoring capabilities are quite extensive out-of-the-box, but there are drawbacks that organizations with advanced monitoring requirements will face. These may include:

  • Limited monitoring of certain data types. Specifically, Workspace can only monitor the sharing of personally identifying information (PII), payment card industry data (PCI), and financial transaction details. This leaves other types of sensitive data, like protected health information (PHI), exposed.
  • Workspace’s compliance policies are restricted to Google Drive, Gmail, and Hangouts, but compliance regulations may be required across many more tools.
  • Google’s accessibility is also a risk, as limiting user access is challenging.
  • Workspace monitoring does not support certain file types, including video and audio. Comments in Google Docs, Sheets, Slides, Drawings, and comment email notifications are not subject to monitoring capabilities.
  • Advanced workflow features are not offered, including on-demand retrieval, long-term archiving, custom detection rules, and more.
  • Admins cannot create custom metadata to search through files on Google Workspace, making federated searches impossible.

Integrate with Aware to simplify Google Workspace monitoring

Aware enables companies to monitor data security and maintain regulatory compliance within Google Workspace from a seamless native app integration. Using industry-leading natural language processing (NLP) and AI-infused analytics with near-human accuracy, Aware is capable of monitoring workflows to assess potential security risks, adherence to workplace policies and processes, and usage trends for application availability.

With Aware, company leaders can easily understand their Google Workspace risk posture. Aware can help:

  • Identify PII, PCI, PHI, and other sensitive data across communications.
  • Ensure regulatory compliance, including HIPAA, GDPR, CCPA/CPRA, PIPEDA, and more.
  • Create an immutable, search-ready archive to support legal and internal investigations.
  • Automate policy enforcement for acceptable use of company-specific data, including passwords, permissions, user accounts, company files, and more.
  • Maintain complete data control with audit logs, data encryption, and RBAC.

Learn how Aware’s robust data management tools helped a European beverage company reduce PII sharing and uphold internal acceptable use policies and GDPR compliance.

Aware delivers real-time notifications concerning the handling and sharing of sensitive or restricted information, which provides the foundation for creating acceptable use policies and enhanced training and compliance. Contact us today to learn how Aware can support security monitoring for your Google Workspace.


Learn more about real-time monitoring for Google from Aware

Topics:Google Drive Security