Many clients assume that Google Workspace automatically protects all their data from all risks, but that’s not necessarily true. In reality, Google operates under a shared responsibility model where both the service provider and client have to do their part in protecting data.
For MSPs, conversations with clients about Google Workspace backup are essential. It can make them realize that they need a backup solution. Without one, they may be unable to recover deleted conversations or files after a certain time and have trouble complying with regulatory requirements.
A guide to discussing Google backup responsibility with clients
📌 Prerequisites:
- You must know Google Workspace’s retention limits and recovery options.
- You must understand compliance drivers (HIPAA, GDPR, SOC 2, state regulations).
- You must prepare client-facing materials explaining shared responsibility.
- You need to have access to a backup platform or service recommendations
Step 1: Start with the shared responsibility model
Everyone in your team must understand that SaaS backup is a shared responsibility that everyone must take part in. It’s not just the responsibility of the service providers. Everyone must do their part, including the client.
To ensure they understand what they must do, use plain language to explain how things work. Google, the service provider, is responsible for protecting its infrastructure, which relates to uptime, the physical security of its servers, and disaster resiliency. On the other hand, the clients are responsible for protecting their data, which involves user errors, accidental deletions, ransomware, and compliance.
Step 2: Highlight the limits of Google’s native protection
While Google services have native backup protections, sometimes they might not be enough. For example, deleted items in Gmail or Drive can usually be recovered for up to 30 days. And if you have a license, you can extend retention in Google Vault.
However, it’s not foolproof. If you need to recover data outside of Google’s allotted timeframes, you don’t have a lot of native options available to you. You need a separate backup solution to ensure that you won’t lose critical files and information.
Step 3: Frame backup in terms of business risk
Losing data can mean a lot of problems for the business, and employees must understand that. To explain that, you can use realistic and relatable scenarios. For example, what if someone deletes a shared folder full of important files before they leave, or ransomware makes Drive inaccessible for all users? What if you discover during a critical audit that emails are missing?
These scenarios risk downtime or compliance fines. More importantly, they can affect your organization’s reputation and may cause it problems in the future.
Step 4: Position MSPs as the accountability partner
Emphasize that MSPs will play a significant role in ensuring no data falls through the cracks. During onboarding and QBRs, you must provide clients with a clear written statement of responsibility to make this clear.
You can also introduce and discuss the backup solutions you provide as an MSP. These backup solutions will not just be an add-on but a critical safeguard for protecting your client’s data.
Step 5: Provide a communication toolkit
Prepare a one-page explainer on Google Workspace data responsibility. It should have a FAQ section that answers the following questions:
- “Doesn’t Google back up everything already?”
- “Why isn’t Google Vault enough?”
- “What’s the cost of not having backups?”
You can also share case studies that you have encountered. Talk about how the lack of backup solutions have led to costly data loss for clients.
Step 6: Make backup responsibility part of ongoing governance
Backing client data up should be an ongoing process instead of a simple, one-time thing. To do that, you can include backup accountability checks in your QBR agendas and document your client’s acknowledgment of responsibility.
You should also regularly review backup coverage and present your findings to the client. Highlight the test results and recommend backup solutions if new gaps are discovered.
Best practices summary table for the Google shared responsibility model
| Best Practice | Value Delivered |
| Explain shared responsibility | Clarifies for the client Google’s responsibility and the client’s own responsibility |
| Highlight native limits | Presents concrete examples of business risks; demonstrates what will happen if the client pushes Google’s data recovery options to their limits without a backup solution to fall back on |
| Use real-world scenarios | Makes the risk more tangible for the client; gives concrete examples of what’s on the line if they do not have a backup solution available |
| Position MSP as a partner | Reinforces trust and accountability; emphasizes the importance and value of the backup solutions that the MSP provides. |
| Provide a communication toolkit | Simplifies ongoing client conversations and may answer the questions the client already has |
| Embed in governance | Encourages accountability over time and ensures that the backup solution is always in place |
Automation touchpoint suggestions for managing SaaS backup
- Use NinjaOne RMM tool reminders to schedule quarterly client backup reviews.
- Automate the generation of reports showing recovery test results.
- Store client-facing “responsibility acknowledgement” in NinjaOne Docs.
NinjaOne integration ideas for implementing the Google shared responsibility model
NinjaOne can support MSPs in implementing the Google shared responsibility model by:
- Offering SaaS backup coverage for Google Workspace alongside endpoint backup
- Automating reporting on backup job success and restore validations
- Storing client responsibility documents and signed agreements in NinjaOne Docs
- Providing QBR-ready visuals of coverage vs. uncovered risks
Foster a constructive conversation about the SaaS shared responsibility model with your clients
It’s essential to set clear expectations by talking to clients about their Google Workspace backup responsibility. Clarifying the shared responsibility model can help reduce business risk for your client. To do this, you must effectively communicate limits using real-world examples and embed accountability into governance.
Related Links:
