Viewing compliance details about the data stored in your organization

Contributors netapp-tonacki

Gain control of your private data by viewing details about the personal data and sensitive personal data in your organization. You can also gain visibility by reviewing the categories and file types that Cloud Data Sense found in your data.

Note The capabilities described in this section are available only if you have chosen to perform a full classification scan on your data sources. Data sources that have had a mapping-only scan do not show file-level details.

By default, the Cloud Data Sense dashboard displays compliance data for all working environments and databases.

A screenshot of the Cloud Data Sense dashboard

If you want to see data for only some of the working environments, select those working environments.

You can also filter the results from the Data Investigation page and download a report of the results as a CSV file. See Filtering data in the Data Investigation page for details.

Viewing files that contain personal data

Cloud Data Sense automatically identifies specific words, strings, and patterns (Regex) inside the data. For example, Personal Identification Information (PII), credit card numbers, social security numbers, bank account numbers, passwords, and more. See the full list.

Additionally, if you have added a database server to be scanned, the Data Fusion feature allows you to scan your files to identify whether unique identifiers from your databases are found in those files or other databases. See Adding personal data identifiers using Data Fusion for details.

For some types of personal data, Data Sense uses proximity validation to validate its findings. The validation occurs by looking for one or more predefined keywords in proximity to the personal data that was found. For example, Data Sense identifies a U.S. social security number (SSN) as a SSN if it sees a proximity word next to it—​for example, SSN or social security. The table of personal data shows when Data Sense uses proximity validation.

Steps
  1. At the top of Cloud Manager, click Data Sense and click the Compliance tab.

  2. To investigate the details for all personal data, click the icon next to the personal data percentage.

    A screenshot of selecting the personal data percentage.

  3. To investigate the details for a specific type of personal data, click View All and then click the Investigate Results icon for a specific type of personal data; for example, email addresses.

    A screenshot of the personal files dialog box where you can click the Investigate Results icon next to a personal data type.

  4. Investigate the data by searching, sorting, expanding details for a specific file, clicking Investigate Results to see masked information, or by downloading the file list.

    A screenshot of details information after clicking Investigate Results.

Viewing files that contain sensitive personal data

Cloud Data Sense automatically identifies special types of sensitive personal information, as defined by privacy regulations such as articles 9 and 10 of the GDPR. For example, information regarding a person’s health, ethnic origin, or sexual orientation. See the full list.

Cloud Data Sense uses artificial intelligence (AI), natural language processing (NLP), machine learning (ML), and cognitive computing (CC) to understand the meaning of the content that it scans in order to extract entities and categorize it accordingly.

For example, one sensitive GDPR data category is ethnic origin. Because of its NLP abilities, Data Sense can distinguish the difference between a sentence that reads "George is Mexican" (indicating sensitive data as specified in article 9 of the GDPR), versus "George is eating Mexican food."

Note Only English is supported when scanning for sensitive personal data. Support for more languages will be added later.
Steps
  1. At the top of Cloud Manager, click Data Sense and click the Compliance tab.

  2. To investigate the details for all sensitive personal data, click the icon next to the sensitive personal data percentage.

    A screenshot of selecting the sensitive personal data percentage.

  3. To investigate the details for a specific type of sensitive personal data, click View All and then click the Investigate Results icon for a specific type of sensitive personal data.

    A screenshot of the sensitive personal files dialog box where you can click the Investigate Results icon next to a personal data type.

  4. Investigate the data by searching, sorting, expanding details for a specific file, clicking Investigate Results to see masked information, or by downloading the file list.

Viewing files by categories

Cloud Data Sense takes the data that it scanned and divides it into different types of categories. Categories are topics based on AI analysis of the content and metadata of each file. See the list of categories.

Categories can help you understand what’s happening with your data by showing you the types of information that you have. For example, a category like resumes or employee contracts can include sensitive data. When you investigate the results, you might find that employee contracts are stored in an insecure location. You can then correct that issue.

Note English, German, and Spanish are supported for categories. Support for more languages will be added later.
Steps
  1. At the top of Cloud Manager, click Data Sense and click the Compliance tab.

  2. Click the Investigate Results icon for one of the top 4 categories directly from the main screen, or click View All and then click the icon for any of the categories.

    A screenshot of the categories dialog box where you can click the Investigate Results icon next to a category.

  3. Investigate the data by searching, sorting, expanding details for a specific file, clicking Investigate Results to see masked information, or by downloading the file list.

Viewing files by file types

Cloud Data Sense takes the data that it scanned and breaks it down by file type. Reviewing your file types can help you control your sensitive data because you might find that certain file types are not stored correctly. See the list of file types.

For example, you might be storing CAD files that include very sensitive information about your organization. If they are unsecured, you can take control of the sensitive data by restricting permissions or moving the files to another location.

Steps
  1. At the top of Cloud Manager, click Data Sense and click the Compliance tab.

  2. Click the Investigate Results icon for one of the top 4 file types directly from the main screen, or click View All and then click the icon for any of the file types.

    A screenshot of the file types dialog box where you can click the Investigate Results icon next to a file type.

  3. Investigate the data by searching, sorting, expanding details for a specific file, clicking Investigate Results to see masked information, or by downloading the file list.

Viewing file metadata

In the Data Investigation results pane you can click down-caret for any single file to view the file metadata.

A screenshot showing the metadata details for a file in the Data Investigation page.

In addition to showing you the working environment and volume where the file resides, the metadata shows much more information, including the file permissions, file owner, whether there are duplicates of this file, and assigned AIP label (if you have integrated AIP in Cloud Data Sense). This information is useful if you’re planning to create Policies because you can see all the information that you can use to filter your data.

Note that not all information is available for all data sources - just what is appropriate for that data source. For example, volume name, permissions, and AIP labels are not relevant for database files.

When viewing the details for a single file there are a few actions you can take on the file:

Viewing permissions for files

To view a list of all users or groups who have access to a file, and the types of permissions they have, click View all Permissions. This button is available only for files in CIFS shares, SharePoint, and OneDrive.

Note that if you see SIDs (Security IDentifiers) instead of user and group names, you should integrate your Active Directory into Data Sense. See how to do this.

A screenshot showing detailed file permissions.

You can click the name of a user or a group and the Investigation page is displayed with the name of that user or group in the “User / Group Permissions” filter so you can see all the files that the user or group has access to.

Additionally, you can click down-caret for any group to see the list of users who are part of the group.

Checking for duplicate files in your storage systems

You can view if duplicate files are being stored in your storage systems. This is useful if you want to identify areas where you can save storage space. It can also be helpful to make sure certain files that have specific permissions or sensitive information are not unnecessarily duplicated in your storage systems.

Data Sense uses hashing technology to determine duplicate files. If any file has the same hash code as another file, we can be 100% sure that the files are exact duplicates — even if the file names are different.

You can download the list of duplicate files and send it to your storage admin so they can decide which files, if any, can be deleted. Or you can delete the file yourself if you are confident that a specific version of the file is not needed.

Viewing all duplicated files

If you want a list of all files that are duplicated in the working environments and data sources you are scanning, you can use the filter called Duplicates > Has duplicates in the Data Investigation page.

All files with duplicates from all file types (not including databases), with a minimum size of 50 MB, and/or containing personal or sensitive personal information, will show in the Results page.

Viewing if a specific file is duplicated

If you want to see if a single file has duplicates, in the Data Investigation results pane you can click down-caret for any single file to view the file metadata. If there are duplicates of a certain file, this information appears next to the Duplicates field.

To view the list of duplicate files and where they are located, click View Details. In the next page click View Duplicates to view the files in the Investigation page.

A screenshot showing how to view where duplicated files are located.

Tip You can use the "file hash" value provided in this page and enter it directly in the Investigation page to search for a specific duplicate file at any time - or you can use it in a Policy.

Viewing Dashboard data for specific working environments

You can filter the contents of the Cloud Data Sense dashboard to see compliance data for all working environments and databases, or for just specific working environments.

When you filter the dashboard, Data Sense scopes the compliance data and reports to just those working environments that you selected.

Steps
  1. Click the filter drop-down, select the working environments that you’d like to view data for, and click View.

    A screenshot showing how to filter the investigation results for specific working environments.

Filtering data in the Data Investigation page

You can filter the contents of the investigation page to display only the results you want to see. This is a very powerful feature because after you’ve refined the data, you can use the button bar at the top of the page to perform a variety of actions, including copying files, moving files, adding a tag or AIP label to the files, and more.

If you want to download the contents of the page as a report after you’ve refined it, click the download button button to save a .CSV file.

A screenshot of the filters available when refining the results in the investigation page.

  • The top-level tabs allow you to view data from files (unstructured data), directories (folders and file shares), or from databases (structured data).

  • The controls at the top of each column allow you to sort the results in numerical or alphabetical order.

  • The left-pane filters enable you to refine the results by selecting from the following attributes:

    Filter Details

    Policies

    Select a policy or policies. Go here to view the list of existing policies and to create your own custom policies.

    Open Permissions

    Select the type of permissions within the data and within folders/shares

    User / Group Permissions

    Select one or multiple user names and/or group names, or enter a partial name

    File Owner

    Enter the file owner name

    Label

    Select AIP labels that are assigned to your files

    Working Environment Type

    Select the type of working environment. OneDrive, SharePoint, and Google Drive are categorized under "Cloud Apps".

    Working Environment name

    Select specific working environments

    Storage Repository

    Select the storage repository, for example, a volume or a schema

    File Path

    Enter a partial or full path

    Category

    Select the types of categories

    Sensitivity Level

    Select the sensitivity level

    Personal Data

    Select the types of personal data

    Sensitive Personal Data

    Select the types of sensitive personal data

    Data Subject

    Enter a data subject’s full name or known identifier

    Directory Type

    Select the directory type; either "Share" or "Folder"

    File Type

    Select the types of files

    File Size

    Select the file size range

    Created Time

    Select a range when the file was created

    Discovered Time

    Select a range when Data Sense discovered the file

    Last Modified

    Select a range when the file was last modified

    Last Accessed

    Select a range when the file was last accessed. For the types of files that Data Sense scans, this is the last time Data Sense scanned the file.

    Duplicates

    Select whether the file is duplicated in the repositories

    File Hash

    Enter the file’s hash to find a specific file, even if the name is different

    Tags

    Select the tag or tags that are assigned to your files

    Assigned To

    Select the name of the person to which the file is assigned

Note that the actions available in the button bar and Policies are not currently supported at the "Directory" level.