How to enhance your security posture in your enterprise cloud: Case for Google Workspace
Get updates as soon as we post them
Latest news, tips and tricks, straight to your inbox
How to enhance your security posture in your enterprise cloud: Case for Google Workspace
Episode 2: Data Retention: Google Vault and eDiscovery
Google Vault is an information governance and eDiscovery tool which allows organizations to retain, hold, search, and export users’ data within Google Workspace. Data can be kept for as long as you need it and also can be removed when you no longer need it. With such capabilities, it’s possible to be in compliance with data governance regulation by setting policies which align with the requirements of the regulating body.
In this episode we will dive deep into the tool and see how we can utilise it to ensure no accidental erasure of data within Google Workspace. Google Vault can be used for the retention of the following data:
Gmail messages
Drive files
Google Chat messages (history turned on)
Google Meet recordings and associated chat, Q&A, and polls logs
Google Groups messages
Google Voice for Google Workspace text messages, voicemails and their transcripts, and call logs
New Google Sites
Classic Hangouts messages (history turned on)
How to set up Google Vault for data retention
Step 1. Buy Vault licenses – included in most GWS editions. You can buy and assign licenses to everyone (full-organization licensing) or to only a subset of people (partial-organization licensing). Control who can sign in to Vault by going to
Step 2. (Optional) Grant Vault privileges to authorized users. You can grant privileges to users who you want to create retention rules, place holds, or perform investigations. Then sign in to Vault go to Google Vault in order to set retention rules.
Step 3 . Set your organization’s default retention rules
Click Retention from step 4 above. If Retention isn’t listed, ask a Google Workspace administrator to give you Manage retention policies privilege.
On the Default rules tab, click a service, for instance Gmail, Drive or Chatthen choose how long to keep messages or files:
To permanently retain data, select Indefinitely
To retain data for a set time, select Retention period and enter the number of days, from 1 to 36,500
If you set a retention period, choose what to do with data after the retention period expires:
To purge only the data that users have already deleted, choose the first option.
To purge all data, choose the second option. This rule can purge data that users expect to keep, such as messages in their Gmail inbox or files in Drive
Click Create. If you set a retention period, Vault asks you to confirm you understand the effects of this retention rule. Check the boxes and click Accept to create the rule.
Repeat this process for all services you want to set default retention rules for.
Stay tuned, in our next episodes, we shall cover topics in the following areas:
Data Loss Prevention (DLP) for Gmail
Data Loss Prevention (DLP) for Drive
Deleting Accidental Sent emails in your domain
Security Center: Investigation tool
Google EMM: Remote Wipe Devices: Windows, Android and iPhone