Today’s post is part two of a series on How to Archive Google Apps accounts. For the complete story, download the free ebook.
In last week’s post, I outlined the factors that should influence your user-archiving process. Today I’ll present the first of the four major methods for archiving your departing users’ Google Apps accounts. I will then evaluate said method based on the “Four Cs” discussed in last week’s post using a standard A-F academic scale.
Option 1 - Do Nothing
Believe it or not, doing nothing is an option when a Google Apps user leaves your organization, which is to say it is a perfectly viable strategy to simply keep the original Google Apps account in place and fully functional for future reference. (Of course, you should still lock the actual user out of the account by changing the password and wiping any existing login cookies. You’re keeping the account, not the actual user.)
Cost Grade: F
Doing nothing is the most expensive option available. You continue to pay the full annual license for the Google Apps account and, if you aren’t using Google Apps Unlimited, you’re also paying for the Google Vault add-on license to maintain audit compliance. This cost becomes even more onerous if your organization operates in an industry with a relatively high rate of employee turnover, as a horde of low-value, high-cost “zombie users” will accumulate quickly.
Complexity Grade: C
Why not an A? After all, how hard can it be to do nothing? The complexity of the do-nothing solution comes not from the initial “setup” which, again, mostly involves a few simple steps to lock out the original user, but in the need to periodically monitor the now disused Google Apps account for illicit activity. As a full-fledged user, the zombie account has all the access and privileges of a conventional account, but without an actual user looking after it every day. That makes a disused account a prime target for hackers, which requires some extra security effort on the part of your domain administrator—exactly the sort of extra effort that tends to be neglected over time.
Compliance Grade: C
Again, why not an A? How can preserving literally everything in a Google Apps account fall short of any compliance guideline? The answer is simple: the account lives on after the original, intended user has departed. Any activities undertaken by the account after the user has left your company could be erroneously attributed to the original user. If a domain admin impersonates the user for maintenance or security purposes, there’s no simple way to prove that it was the admin (or any other user with the account’s credentials) performing those actions and not the original user of the account. The zombie account can be used with impunity by anyone who has the access credentials, making audit attribution difficult if not impossible. If an employee is fired for cause and the evidence of that cause is held within the Google Apps account, it can become a thorny issue to properly document all the post-termination activity in the account as belonging to an authorized admin and not the fired employee—and vice versa.
Continuity Grade: A
This is where the do-nothing solution shines. Nothing is lost from the original account, because the original Google Apps account is still there, wholly intact. All shared documents and recurring events go on as normal.
Composite Grade: C
Doing nothing is a strictly adequate solution for archiving a Google Apps user, but one that’s certain to cause some heartburn when setting your annual Google Apps budget.
So there is the first option for de-provisioning a user. Next week, I’ll dive into the second major method for archiving Google Apps users. Sick of waiting? Download the complete, free guide to archiving a Google Apps account today.