Explore the Retention and Versioning Policies of Major Cloud Collaboration Providers

When choosing a cloud collaboration platform, it’s important to understand how that platforms features work alongside the needs of your organization and industry. The demands of different industries can be immensely diverse, especially with regards to security and regulatory policies. As such, taking these issues into consideration is absolutely essential before deciding to migrate.

Two of the trickiest compliance concerns are often document retention and versioning: how long you need to be able to hold on to files that you’ve deleted, just in case you need to access them again.

While document versioning typically is a benefit for the end user when considering restoration and retention, retention policies are a benefit for IT and security teams when handling legal hold, security, and compliance.

With that in mind, let’s take a look at the retention and versioning policies of four major cloud collaboration providers!

Office 365


Office 365 provides some of the most flexible retention policies of any cloud collaboration platform, giving admins a host of ways that they can decide how files are grouped, deleted, or retained. You can set a retention policy that groups files by location, by department, by user, or even by certain keywords or file types. That last grouping can be especially effective for admins who need to organize sensitive files or topics into a grouping all their own, and ensures that legal documents or documents containing customer data are deleted or retained in strict accordance with industry regulations.


Recently, Microsoft announced that Office 365 will now retain up to 100 versions of a file, ensuring that users don’t need to worry about being able to access a previous version of that file before major edits or changes were made. In a business environment where drafts are constantly being updated and amended, often by multiple people in multiple departments, Microsoft’s announcement guarantees that users can still access crucial information from previous file drafts, and trust that that information won’t simply be lost for good as the result of a minor edit.

Dropbox Business


Dropbox Business users have 120 days to recover any files, unless that file has been previously marked for permanent deletion. Selecting which files are marked for permanent deletion is usually a privilege restricted to admins or certain members of an organization, and admins have the ability to distribute that privilege to individual users as they see fit. While not quite as flexible an approach as that employed by Office 365, Dropbox Business’ policy is powerful in its simplicity. By automatically retaining files for a set amount of time, Dropbox takes the pressure off admins who might otherwise be overwhelmed by the need to devise a detailed retention policy on their own. By simply dividing the options between blanket retention and blanket deletion, Dropbox lessens the stress about for exactly how long individual pieces of content should be set to stick around.


While Office 365 has built its new versioning policy on number of drafts, Dropbox Business has built its around a time limit, very similar to that of its retention policy. Users have access to a potentially unlimited amount of versions created or amended within the past 120 days from when they go back to check. For businesses whose files must be updated within a specific time frame, this policy is extremely useful, especially because those users will have access to any number of versions created within that time frame, be it 5 or 500.



Box’s approach to retention is closer to that of Office 365, where individual pieces of content can have specific retention timelines, and department admins as a whole can govern how long content is accessible for based on the specific needs of the department. Paying special attention to the legal needs of certain departments, Box offers a powerful “defensible discovery” feature for legal documents that allow admins to set special retention and recovery settings for documents of legal importance, ensuring that time and money spent in the event of litigation doesn’t accrue while a legal department is scrambling to find relevant documents. Additionally, Box empowers admins to set distinct regulations of download and sharing for sensitive documents so that–in the event a sensitive document must be deleted–unauthorized users don’t have the chance to download and preserve a copy for their own purposes.


Box’s approach to versioning is very similar to that of Office 365, though the specific number of previous file versions accessible to users depend upon the Box plan governing the account in which that file is stored. Business and Business Plus accounts have access to 50 previous versions of a given file, while Enterprise accounts have access to 100 previous versions. This incremental approach allows organizations to pick the plan (and the versioning approach) that they think they need for their compliance demands, ensuring that enterprises have more flexibility when it comes pricing.

Google Team Drives


Because organizations that make use of Google Drive will often have team drives and individual user drives, Google has built a retention policy that takes into account this multi-tiered storage approach. Content in personal drives can be retained or deleted as per the needs of the individual user, and can also be deleted or retained within the context of a Team Drive if the admin of that drive so chooses. This means that deleting a document that’s co-owned from your own drive won’t wipe that document out for the others who need to make use of it. It also means that sensitive documents available to multiple users can be wiped from all of their drives by an admin if the situation demands it. The ability to set retention or deletion policies for Team Drives is normally reserved for admins, but the privilege can be distributed among other users within the drive if the admin so chooses.


Google Team Drives offers users the opportunity to see a limited number of previous versions, but, also, to denote that an individual version should be saved forever, even if a more recent version of the file is created. This helps users save on storage space, and, additionally, means that admins can select the versions they think might come in handy down the line, eliminating the need to sort through dozens of versions with minor or insignificant changes to find the information they’re looking for. If a user or admin does not select the option to “Keep Forever” old versions will eventually be merged or deleted to conserve storage space in the Drive.

Don’t Migrate Uninformed

Migration is a large undertaking, and a failure to understand the specific policies of the platform to which you’re migrating can make that undertaking all for naught. In the age of GDPR and increasing digital security concerns, it’s essential that organizations take a long look at the compliance potential of the platforms to which they’re considering migrating. In the same way that every organization has different collaborative and storage needs, the legal and regulatory needs of your organization have to be considered prior to migration.

Properly armed with this knowledge, your organization can make absolutely certain that your users get the very best services in the cloud, the perfect services for the demands facing your users and your organization. When it comes to security and compliance, the cloud offers unprecedented potential. Taking advantage of that potential in the right way, with the right tools is absolutely crucial.