As experts in security and compliance, StrataPrime has helped numerous organizations strengthen their security postures, protecting proprietary and sensitive data and user accounts.
One critical security feature we leverage in Google Workspace is exporting audit and activity logs. Retaining Google Workspace logs is an important part of security operations and a very common IT requirement found in compliance programs such as SOC 2 or Sarbanes-Oxley (SOX).
By default, Google Workspace keeps logs for 180 days for most log sources, with some having retention periods as short as 30 days. If you need to retrieve and investigate an event that is older than the 180-day retention period, there are additional options to export logs, such as:
Reports API
In addition to manually downloading the logs from the Admin console, Google has the Reports API, which allows you to retrieve logs programmatically. These log events can be retrieved using Apps Script or command-line tools such as Google Apps Manager.
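The programmatic retrieval described above, as an added example that is not StrataPrime's or Google's code: it drains paginated Reports API `activities.list` responses into a JSON Lines archive and deduplicates on the activity id so that overlapping export runs do not store an event twice. The `fetch_page` callable, the helper names and the sample pages are assumptions constructed for the example; a real fetcher would make the authorized API call.

```python
import io
import json

def activity_key(act):
    """Identity of one activity: application + id.time + id.uniqueQualifier."""
    i = act["id"]
    return (i["applicationName"], i["time"], str(i["uniqueQualifier"]))

def archive_activities(fetch_page, out, seen=None):
    """Drain all pages from fetch_page(page_token) into `out` as JSON Lines.

    Returns (written, newest_time). newest_time can be used as startTime on the
    next run; overlapping runs may return an event again, so `seen` filters it.
    """
    seen = set() if seen is None else seen
    written, newest, token = 0, None, None
    while True:
        page = fetch_page(token)
        for act in page.get("items", []):  # an empty page has no "items" key
            t = act["id"]["time"]  # same-format RFC 3339 UTC strings sort by time
            if newest is None or t > newest:
                newest = t
            key = activity_key(act)
            if key in seen:
                continue
            seen.add(key)
            out.write(json.dumps(act, sort_keys=True) + "\n")
            written += 1
        token = page.get("nextPageToken")
        if not token:
            return written, newest

def _act(app, time, qualifier, email, event):
    return {"id": {"applicationName": app, "time": time, "uniqueQualifier": qualifier},
            "actor": {"email": email}, "events": [{"name": event}]}

# Constructed pages shaped like activities.list responses (not real log data).
SAMPLE_PAGES = {
    None: {"items": [_act("login", "2024-03-02T09:15:00.000Z", "111", "alice@example.com", "login_failure"),
                     _act("login", "2024-03-02T09:10:00.000Z", "112", "bob@example.com", "login_success")],
           "nextPageToken": "p2"},
    "p2": {"items": [_act("login", "2024-03-02T09:10:00.000Z", "112", "bob@example.com", "login_success"),
                     _act("login", "2024-03-01T18:00:00.000Z", "113", "alice@example.com", "logout")]},
}

def sample_fetch(token):  # hypothetical stand-in for an authorized API call
    return SAMPLE_PAGES[token]

if __name__ == "__main__":
    buf = io.StringIO()
    print(archive_activities(sample_fetch, buf), buf.getvalue(), sep="\n")
```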
Cloud Logging
Some log events can be shared with Cloud Logging in GCP, allowing you to integrate the log events with security tools that you may have, or set up notifications in applications such as Google Chat so that administrators can be alerted on events.
BigQuery Export
One of the more underutilized features of Workspace is the native BigQuery log export. Setting up the log export is very simple. Once the export is set up, you can analyze the log events using Connected Sheets, write SQL queries in BigQuery to understand the data, and use Looker Studio to visualize the information.
Retaining Google Workspace logs is one critical component of protecting your organization. Contact StrataPrime experts to learn about implementing the solutions above and other Google solutions we leverage that help strengthen your security posture.