Skip to main content
BlueXP classification

View governance details about the data stored in your organization

Contributors netapp-tonacki amgrissino

Gain control of the costs related to the data on your organizations' storage resources. BlueXP classification identifies the amount of stale data, non-business data, duplicate files, and very large files in your systems so you can decide whether you want to remove or tier some files to less expensive object storage.

Additionally, if you're planning to migrate data from on-premises locations to the cloud, you can view the size of the data and whether any of the data contains sensitive information prior to moving it.

The Governance dashboard

The Governance dashboard provides information so that you can increase the efficiency and control the costs related to the data stored on your storage resources.

A screenshot of the BlueXP classification Governance dashboard.

Save Opportunities

You may want to investigate the items in the Saving Opportunities area to see if there is any data you should delete or tier to less expensive object storage. Click each item to view the filtered results in the Investigation page.

  • Stale Data - Data that was last modified over 3 years ago.

  • Non-Business Data - Data considered not to be business related, based on their Category or File Type. This includes:

    • Application Data

    • Audio

    • Executables

    • Images

    • Logs

    • Videos

    • Miscellaneous (general "other" category)

  • Duplicate Files - Files that are duplicated in other locations in the data sources you are scanning. See what types of duplicate files are displayed.

    NOTE

    If any of your data sources implement data tiering, old data that already resides in object storage may be identified in the Stale Data category.

Policies with the largest number of results

In the Policies area, the Policies with the greatest number of results appear at the top of the list. Click the name of a Policy to display the results in the Investigation page. Click View All to view the list of all available Policies.

Click here to learn more about Policies.

Data Overview

The Data Overview section provides a quick overview of all the data that is being scanned. Click the button to download a full data mapping report that includes Usage Capacity, Age of Data, Size of Data, and File Types for all of your working environments and data sources. See Data Mapping Report for complete details about this report.

Top data repositories listed by data sensitivity

The Top Data Repositories by Sensitivity Level area lists the top four data repositories (working environments and data sources) that contain the most sensitive items. The bar chart for each working environment is divided into:

  • Non-Sensitive data

  • Personal data

  • Sensitive Personal data

You can hover over each section to see the total number of items in each category.

Click each area to view the filtered results in the Investigation page so that you can investigate further.

Data listed by sensitivity and wide permissions

The Sensitive Data and Wide Permissions area provides a heatmap of files that contain sensitive data (including both sensitive and sensitive personal data) and that are overly permissive. This can help you to see where you may have some risks with sensitive data.

Files are rated based on the number of users with permission to access the files on the X axis (lowest to highest), and the number of sensitive identifiers within the files on the Y axis (lowest to highest). The blocks represent the number of files that match the items from the X and Y axes. The lighter colored block are good; with fewer users able to access the files, and with fewer sensitive identifiers per file. The darker blocks are the items you may want to investigate. For example, the screen below shows the hover text for the dark blue block. It shows that you have 1,500 files where 751-100 users have access, and where there are 501-100 sensitive identifiers per file.

A screenshot showing the data displayed when you place your cursor over an element in this panel.

You can click the block you are interested in to view the filtered results of the affected files in the Investigation page so that you can investigate further.

No data is displayed in this panel if you haven't integrated an identity service with BlueXP classification. See how to integrate your Active Directory service with BlueXP classification.

Tip This panel supports files in CIFS shares, OneDrive, and SharePoint data sources. There is currently no support for databases, Google Drive, Amazon S3, and generic object storage.

Data listed by types of Open Permissions

The Open Permissions area shows the percentage for each type of permissions that exist for all files that are being scanned. The chart shows the following types of permissions:

  • No Open Permissions

  • Open to Organization

  • Open to Public

  • Unknown Access

You can hover over each section to see the total number of files in each category. Click each area to view the filtered results in the Investigation page so that you can investigate further.

Age of Data and Size of Data graphs

You may want to investigate the items in the Age and Size graphs to see if there is any data you should delete or tier to less expensive object storage.

You can hover over a point in the charts to see details about the age or size of the data in that category. Click to view all the files filtered by that age or size range.

  • Age of Data graph - Categorizes data based on the time it was created, the last time it was accessed, or the last time it was modified.

  • Size of Data graph - Categorizes data based on size.

    NOTE

    If any of your data sources implement data tiering, old data that already resides in object storage may be identified in the Age of Data graph.

Most identified data Classifications

The Classification area provides a list of the most identified Categories, File types, and AIP Labels in your scanned data.

Categories

Categories can help you understand what's happening with your data by showing you the types of information that you have. For example, a category like "resumes" or "employee contracts" can include sensitive data. When you investigate the results, you might find that employee contracts are stored in an insecure location. You can then correct that issue.

See Viewing files by categories for more information.

File types

Reviewing your file types can help you control your sensitive data because you might find that certain file types are not stored correctly.

See Viewing file types for more information.

AIP labels

If you have subscribed to Azure Information Protection (AIP), you can classify and protect documents and files by applying labels to content. Reviewing the most used AIP labels that are assigned to files enables you to see which labels are most used in your files.

See AIP Labels for more information.

Data Mapping Report

The Data Mapping Report provides an overview of the data being stored in your corporate data sources to assist you with decisions of migration, back up, security, and compliance processes. The report first lists an overview that summarizes all your working environments and data sources, and then it provides a breakdown for each working environment.

The report includes the following information:

Category Description

Usage Capacity

For all working environments: Lists the number of files and the used capacity for each working environment.
For single working environments: Lists the files that are using the most capacity.

Age of Data

Provides three charts and graphs for when files were created, last modified, or last accessed. Lists the number of files, and their used capacity, based on certain date ranges.

Size of Data

Lists the number of files that exist within certain size ranges in your working environments.

File Types

Lists the total number of files and the used capacity for each type of file being stored in your working environments.

Generate the Data Mapping Report

You generate this report from the Governance tab in BlueXP classification.

Steps
  1. From the BlueXP menu, click Governance > Classification.

  2. Click Governance, and then click the Data Mapping Report button.

    A screenshot of the Governance Dashboard that shows how to launch the Data Mapping Report.

Result

BlueXP classification generates a PDF report that you can review and send to other groups as needed.

If the report is larger than 1 MB, the PDF file is retained on the BlueXP classification instance and you'll see a pop-up message about the exact location. When BlueXP classification is installed on a Linux machine on your premises, or on a Linux machine you deployed in the cloud, you can navigate directly to the PDF file. When BlueXP classification is deployed in the cloud, you'll need to SSH to the BlueXP classification instance to download PDF file. See how to access data on the Classification instance.

Note that you can customize the company name that appears on the first page of the report from the top of the BlueXP classification page by clicking the More button and then clicking Change company name. The next time you generate the report it will include the new name.

Data Discovery Assessment Report

The Data Discovery Assessment Report provides a high-level analysis of the scanned environment to highlight the system's findings and to show areas of concern and potential remediation steps. The results are based on both mapping and classifying your data. The goal of this report is to raise awareness of three significant aspects of your data set:

Feature Description

Data governance concerns

A detailed picture of all the data you own and areas where you may be able to reduce the amount of data to save costs.

Data security exposures

Areas where your data is accessible to internal or external attacks because of broad access permissions.

Data compliance gaps

Where your personal or sensitive personal information is located for both security and for DSARs (data subject access requests).

After the assessment, this report identifies areas where you can:

  • Reduce storage costs by changing your retention policy, or by moving or deleting certain data (stale, duplicate, or non-business data)

  • Protect your data that has broad permissions by revising global group management policies

  • Protect your data that has personal or sensitive personal information by moving PII to more secure data stores

Generate the Data Discovery Assessment Report

You generate this report from the Governance tab in BlueXP classification.

Steps
  1. From the BlueXP menu, click Governance > Classification.

  2. Click Governance, and then click the Data Discovery Assessment Report button.

    A screenshot of the Governance Dashboard that shows how to launch the Data Discovery Assessment Report.

Result

BlueXP classification generates a PDF report that you can review and send to other groups as needed.

Note that you can customize the company name that appears on the first page of the report from the top of the BlueXP classification page by clicking the More button and then clicking Change company name. The next time you generate the report it will include the new name.