Viewing details about the private data stored in your organization

Contributors netapp-tonacki Download PDF of this page

Gain control of your private data by viewing details about the personal data and sensitive personal data in your organization. You can also gain visibility by reviewing the categories and file types that Cloud Compliance found in your data.

By default, the Cloud Compliance dashboard displays compliance data for all working environments and databases.

A screenshot of the Cloud Compliance dashboard

If you want to see data for only some of the working environments, select those working environments.

You can also filter the results from the Data Investigation page and download a report of the results as a CSV file. See Filtering data in the Data Investigation page for details.

Personal data

Cloud Compliance automatically identifies specific words, strings, and patterns (Regex) inside the data. For example, Personal Identification Information (PII), credit card numbers, social security numbers, bank account numbers, and more. See the full list.

Additionally, if you have added a database server to be scanned, the Data Fusion feature allows you to scan your files to identify whether unique identifiers from your databases are found in those files or other databases. See Adding personal data identifiers using Data Fusion for details.

For some types of personal data, Cloud Compliance uses proximity validation to validate its findings. The validation occurs by looking for one or more predefined keywords in proximity to the personal data that was found. For example, Cloud Compliance identifies a U.S. social security number (SSN) as a SSN if it sees a proximity word next to it—​for example, SSN or social security. The table of personal data shows when Cloud Compliance uses proximity validation.

Viewing files that contain personal data

Steps
  1. At the top of Cloud Manager, click Compliance and click the Dashboard tab.

  2. To investigate the details for all personal data, click the icon next to the personal data percentage.

    A screenshot of selecting the personal data percentage.

  3. To investigate the details for a specific type of personal data, click View All and then click the Investigate Results icon for a specific type of personal data.

    A screenshot of the personal files dialog box where you can click the Investigate Results icon next to a personal data type.

  4. Investigate the data by searching, sorting, expanding details for a specific file, clicking Investigate Results to see masked information, or by downloading the file list.

    A screenshot of details information after clicking Investigate Results.

Sensitive personal data

Cloud Compliance automatically identifies special types of sensitive personal information, as defined by privacy regulations such as articles 9 and 10 of the GDPR. For example, information regarding a person’s health, ethnic origin, or sexual orientation. See the full list.

Cloud Compliance uses artificial intelligence (AI), natural language processing (NLP), machine learning (ML), and cognitive computing (CC) to understand the meaning of the content that it scans in order to extract entities and categorize it accordingly.

For example, one sensitive GDPR data category is ethnic origin. Because of its NLP abilities, Cloud Compliance can distinguish the difference between a sentence that reads "George is Mexican" (indicating sensitive data as specified in article 9 of the GDPR), versus "George is eating Mexican food."

Only English is supported when scanning for sensitive personal data. Support for more languages will be added later.

Viewing files that contain sensitive personal data

Steps
  1. At the top of Cloud Manager, click Compliance.

  2. To investigate the details for all sensitive personal data, click the icon next to the sensitive personal data percentage.

    A screenshot of selecting the sensitive personal data percentage.

  3. To investigate the details for a specific type of sensitive personal data, click View All and then click the Investigate Results icon for a specific type of sensitive personal data.

    A screenshot of the sensitive personal files dialog box where you can click the Investigate Results icon next to a personal data type.

  4. Investigate the data by searching, sorting, expanding details for a specific file, clicking Investigate Results to see masked information, or by downloading the file list.

Categories

Cloud Compliance takes the data that it scanned and divides it into different types of categories. Categories are topics based on AI analysis of the content and metadata of each file. See the list of categories.

Categories can help you understand what’s happening with your data by showing you the types of information that you have. For example, a category like resumes or employee contracts can include sensitive data. When you investigate the results, you might find that employee contracts are stored in an insecure location. You can then correct that issue.

Only English is supported for categories. Support for more languages will be added later.

Viewing files by categories

Steps
  1. At the top of Cloud Manager, click Compliance.

  2. Click the Investigate Results icon for one of the top 4 categories directly from the main screen, or click View All and then click the icon for any of the categories.

    A screenshot of the categories dialog box where you can click the Investigate Results icon next to a category.

  3. Investigate the data by searching, sorting, expanding details for a specific file, clicking Investigate Results to see masked information, or by downloading the file list.

File types

Cloud Compliance takes the data that it scanned and breaks it down by file type. Reviewing your file types can help you control your sensitive data because you might find that certain file types are not stored correctly. See the list of file types.

For example, you might be storing CAD files that include very sensitive information about your organization. If they are unsecured, you can take control of the sensitive data by restricting permissions or moving the files to another location.

Viewing file types

Steps
  1. At the top of Cloud Manager, click Compliance.

  2. Click the Investigate Results icon for one of the top 4 file types directly from the main screen, or click View All and then click the icon for any of the file types.

    A screenshot of the file types dialog box where you can click the Investigate Results icon next to a file type.

  3. Investigate the data by searching, sorting, expanding details for a specific file, clicking Investigate Results to see masked information, or by downloading the file list.

Viewing file metadata and permissions

In the Data Investigation results pane you can click right-caret for any single file to view the file metadata.

A screenshot showing the metadata details for a file in the Data Investigation page.

In addition to showing you the working environment and volume where the file resides, the metadata shows much more information, including the file permissions, file owner, and assigned AIP label (if you have integrated AIP in Cloud Compliance). This information is useful if you’re planning to create highlights because you can see all the information that you can use to filter your data.

Note that not all information is available for all data sources - just what is appropriate for that data source. For example, permissions and AIP labels are not relevant for database files.

There are also two items in this metadata that allow you to make changes to files:

  • If you have integrated AIP labels with Cloud Compliance, you can assign a label to this file, or change to a different label if one already exists. See Assigning AIP labels manually for details.

  • You can delete the file. See Deleting source files for details.

Viewing Dashboard data for specific working environments

You can filter the contents of the Cloud Compliance dashboard to see compliance data for all working environments and databases, or for just specific working environments.

When you filter the dashboard, Cloud Compliance scopes the compliance data and reports to just those working environments that you selected.

Steps
  1. Click the filter drop-down, select the working environments that you’d like to view data for, and click View.

    screenshot cloud compliance filter

Filtering data in the Data Investigation page

You can filter the contents of the investigation page to display only the results you want to see. If you want to save a CSV version of the content as a report after you have refined it, click the The Download Report button. button.

A screenshot of the filters available when refining the results in the investigation page.

  • The top-level tabs allow you to view data from files (unstructured data) or from databases (structured data).

  • The controls at the top of each column allow you to sort the results in numerical or alphabetical order.

  • The left-pane filters enable you to refine the results by working environment, storage repository, category, private data, file type, file size, last modified date, whether the S3 object’s permissions are open to public access, etc…​

  • The Highlights filter at the top of the Filters pane lists the custom filters that provide commonly requested combinations of filters; like a saved database query or Favorites list. Go here to view the list of predefined highlights and to see how you can create your own custom highlights.

What’s included in each file list report (CSV file)

From each Investigation page you can click the button download button to download file lists (in CSV format) that include details about the identified files. If there are more than 10,000 results, only the top 10,000 appear in the list.

Each file list includes the following information:

  • File name

  • Location type

  • Working environment

  • Storage repository

  • Protocol

  • File path

  • File type

  • File size

  • File owner

  • Category

  • Personal information

  • Sensitive personal information

  • Deletion detection date

    A deletion detection date identifies the date that the file was deleted or moved. This enables you to identify when sensitive files have been moved. Deleted files aren’t part of the file number count that appears in the dashboard or on the Investigation page. The files only appear in the CSV reports.