Protecting Google Workspace data
What does Google Workspace protection mean?
- Cloud-to-cloud backup and recovery of Google Workspace user data (Gmail mailboxes, Calendars, Contacts, Google Drives) and Google Workspace Shared drives.
- Granular recovery of emails, files, contacts, and other items.
- Support for several Google Workspace organizations and cross-organization recovery.
- Optional notarization of the backed-up files by means of the Ethereum blockchain database. When enabled, you can prove that a file is authentic and unchanged since it was backed up.
- Optional full-text search. When enabled, you can search emails by their content.
- Up to 5000 items (mailboxes, Google Drives, and Shared drives) per company can be protected without performance degradation.
Required user rights
In the Cyber Protection service
In the Cyber Protection service, you need to be a company administrator acting on a customer tenant level. Company administrators acting on a unit level, unit administrators, and users cannot back up or recover Google Workspace data.
In Google Workspace
To add your Google Workspace organization to the Cyber Protection service, you must be signed in as a Super Admin with enabled API access (Security > API reference > Enable API access in the Google Admin console).
The Super Admin password is not stored anywhere and is not used to perform backup and recovery. Changing this password in Google Workspace does not affect Cyber Protection service operation.
If the Super Admin who added the Google Workspace organization is deleted from Google Workspace or assigned a role with less privileges, the backups will fail with an error like "access denied". In this case, repeat the "Adding a Google Workspace organization" procedure and specify valid Super Admin credentials. To avoid this situation, we recommend creating a dedicated Super Admin user for backup and recovery purposes.
About the backup schedule
Because the cloud agent serves multiple customers, it determines the start time for each protection plan on its own, to ensure an even load during a day and an equal quality of service for all of the customers.
Each protection plan runs daily at the same time of day.
Limitations
-
The console shows only users that have an assigned Google Workspace license and a mailbox or Google Drive.
- Search in encrypted backups is not supported.
- Documents in the native Google formats are backed up as generic office documents and are shown with a different extension in the service console – such as .docx or .pptx, for example. The documents are converted back to their original format during recovery.
- No more than 10 manual backup runs during an hour.
- No more than 10 simultaneous recovery operations (this number includes both Microsoft 365 and Google Workspace recovery).
- You cannot simultaneously recover items from different recovering points, even though you can select such items from the search results.