When your business runs on Google Workspace, it is easy to assume your data is fully protected simply because it lives in the cloud. That is only partly true. Google gives you a reliable platform and some built-in recovery options, but Google also states that Vault is not designed to be a backup or archive tool. In other words, resilience and backup are not the same thing.
If you lose data through deletion, account compromise, sync errors, or a rushed offboarding process, your ability to recover it may depend on short restore windows and admin action taken quickly.
That matters because data loss rarely happens in isolation. It usually sits alongside wider cyber and operational risk. The UK Government’s Cyber Security Breaches Survey 2025 found that 43% of businesses identified a cyber breach or attack in the previous 12 months. The same report says the average cost of the most disruptive breach was £1,600, rising to £3,550 when excluding businesses that reported a £0 cost.
For many organisations, the biggest pain is not only the security incident itself, but the disruption that follows when staff cannot access the files, emails, calendars, and shared information they rely on every day.
Why Google Workspace still needs a backup strategy
Google Workspace includes native protection, but those features are not the same as having a dedicated backup and recovery plan. Google’s own guidance says admins can restore deleted Drive files only if they were deleted within the last 25 days. Google also says a deleted user account can only be restored for up to 20 days after deletion, and a deleted shared drive can only be restored if it was deleted within the last 25 days.
Gmail messages deleted to Trash can usually be recovered by the user for up to 30 days, and admins then have an additional 25-day window to restore permanently deleted messages. After that, the data cannot be restored by an admin or by Google.
That is why a business using Google Workspace should treat backup as part of a broader resilience plan, alongside IT support and management, cloud services / Office 365, security services, and consulting. Northern Star’s own service structure reflects that wider view, with dedicated pages for managed support, cloud services, consulting, migrations, anti-phishing, and penetration testing rather than treating security or recovery as a one-off product.
What you should protect in Google Workspace
The obvious place to start is Gmail. Email often holds contracts, approvals, supplier conversations, support trails, and security alerts. But if you stop there, you can still be exposed.
You should also think about:
- Gmail mailboxes and labels
- Google Drive files and folders
- Shared drives and their structure
- Google Calendar data
- Google Contacts
- Former user accounts before and after offboarding
- File ownership and sharing permissions
- Historic versions of important documents
In practice, Google Drive and shared drives are often where the real business risk sits. Shared proposals, finance records, HR files, onboarding packs, legal documents, and operational spreadsheets can all be far harder to rebuild than a few deleted emails. If the wrong account is removed or files are emptied from Trash and no one notices in time, Google’s restore windows can close faster than most teams expect.
How restores actually work
A lot of businesses imagine restores as a simple “undo” button. In reality, restores often depend on what was lost, when it was lost, and whether someone noticed quickly enough.
For example, if a user deletes Drive content and it is spotted within Google’s admin restore window, an admin can restore the data through the Admin console. Google says restored Drive data returns to the user’s Drive in the same location as before it was deleted. That sounds straightforward, but only if the deletion date is known and the data still falls within the 25-day limit.
If a whole Google Workspace account is deleted during offboarding, the clock becomes tighter. Google says a deleted user can be restored only within 20 days. If files were not transferred at the point of deletion, Google’s own guidance says the deleted user’s files are removed 20 days later. That means offboarding mistakes can have serious consequences if ownership transfer is not built into the process.
Gmail has its own logic. Users can normally recover messages from Trash for up to 30 days. After that, Google says admins have an additional 25 days to restore permanently deleted messages using the Restore data tool. That sounds helpful, but it is still a limited window and it is not the same as keeping longer-term point-in-time backups for legal, operational, or recovery purposes.
Shared drives are another area where businesses can be caught out. Google says a deleted shared drive can be restored only within the last 25 days, and files deleted from a shared drive also have their own restore process. If a shared drive holds core team documentation, the delay between deletion and discovery becomes the real risk.
What a sensible backup approach should look like
A sensible approach usually comes down to 3 things: coverage, retention, and recovery speed.
Coverage means protecting more than email. It means thinking about user drives, shared drives, calendars, contacts, and leaver accounts. Retention means keeping recoverable copies for longer than Google’s native windows. Recovery speed means being able to restore the right data to the right place without turning a simple mistake into days of downtime.
You should also think carefully about the difference between backup, compliance, and retention. Vault may still have value for eDiscovery and retention workflows, but Google explicitly says it is not designed to be a backup or archive tool. If your goal is quick operational recovery after deletion, corruption, ransomware-style changes, or admin error, you need to plan for that separately.
This is where wider planning helps. Businesses often review backup alongside migrations, global support and international projects, hardware and software, and practical guidance from Northern Star’s news section, including topics around phishing, cloud backup, and managed support. When your systems, users, and data are spread across teams and locations, restore planning becomes an operational issue as much as a technical one.
FAQs
Do you need backup if Google already stores the data?
Yes. Google provides the platform and some native recovery tools, but those tools have limits. Google also says Vault is not designed to be a backup or archive tool.
What is the biggest thing businesses forget to protect?
Former user accounts and shared drives are often overlooked. If a leaver’s account is deleted without proper transfer, or a shared drive is removed and not noticed quickly, restore windows can expire before anyone acts.
Can Google restore deleted Gmail messages?
Yes, but only within defined limits. Users can recover messages from Trash for up to 30 days, and admins then have an additional 25 days to restore permanently deleted messages. After that, recovery is no longer available.
Does restoring data always put everything back exactly as it was?
Not always. Restores depend on the service involved, the timing, and the restore method. In Drive, for example, Google says restored files return to the same location as before, but you still need to know what was deleted and act within the restore window.
Final thought
If you rely on Google Workspace every day, backup should not be left to assumption. You need to know what is protected, what is not, how long restore windows last, and what your team would actually do if key data disappeared on a busy Monday morning. That kind of planning is much easier before something goes wrong than after.
If you want help building a stronger recovery plan around Google Workspace, Northern Star can support you across managed IT support, cloud services, security services, and consulting so your business is not relying on short restore windows and crossed fingers.
