Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

On This Page

Overview

A tracking group is a label (or category) that will be assigned to a file when a policy runs. A policy can contain multiple tracking groups, and each tracking group includes multiple pieces of information that determine everything from the criteria a file needs to meet to be a part of the tracking group to the actions that should be taken against the file in the tracking group. The tracking groups are the heart of the policy.

Understanding Tracking Groups

Tracking groups contain multiple pieces of information: priority, risk level, name, cost per incident, assignment rules, and actions.

Priority

SkySync evaluates the tracking groups in priority order--the order they are sorted within the policy. Although a file may match the rules for multiple tracking groups, a file can only exist in one tracking group, so it will be assigned to the first tracking group that is matched. Therefore, you should order your tracking groups from highest risk level to lowest risk level to ensure a file is always matched against the higher risk levels first.

Risk Level

The risk level identifies the sensitivity of the content within the file and how negatively the content could impact your organization if it were to remain in its current state. The risk level is defined at the tracking group level, so all files within the tracking group are classified as having that defined risk. For example, if you create a tracking group "Sensitive" and set the risk level to "High," any file that meets the criteria of the assignment rules for the tracking group is considered high-risk content and will be flagged accordingly.

Name

You assign a name to each tracking group. The name displays in all reporting for the tracking group. The group name should follow a logical labeling schema that helps identify the tracking group and the content the tracking group is designed to identify.

Cost per Incident

Each tracking group can be assigned a cost. This is the amount a file in the tracking group could cost the company in legal fees or penalties if it remains in its current state. For example, if a file contains sensitive data and is stored in a shared location (network shared drive, cloud storage platform, etc.), it could cost the company a set amount of money in fines if the company’s data were to be audited or if a security breach allowed that file to be exposed. The cost is included in the reporting for the tracking group so you can see the total cost for the tracking group (cost times the number of files in the tracking group).

Assignment Rules

Assignment rules are lists of entity types that should be run against a file. You can add one to many assignment rules to a tracking group, and each assignment rule can consist of one to many entity types.

The list of entity types within a single assignment rule serves as an “and” condition. A file must match all the entity types listed for the file to be added to the tracking group.

Each individual assignment rule serves as an “or” condition. SkySync will compare each file to each assignment rule in a tracking group. If the file doesn’t match an assignment rule, SkySync will work through the subsequent assignment rules in priority order. As soon as the file matches one of the assignment rules, SkySync adds it to the corresponding tracking group.

Actions

The actions for a tracking group tell SkySync what to do with the files in each tracking group. Multiple actions can be applied to the tracking group to force the remediation through an approval workflow, or you can select to take a definitive action against the file as soon as it is assigned to the tracking group.

  • Approval: Select this action when you want to require manual approval. You would choose this option if you want to manually take action against the files in the tracking group. The files are flagged, and you will be responsible for properly remediating the files.

  • Delay: This option delays any additional actions on the tracking group for the specified time. When selected, you will specify the delay value and interval (seconds, minutes, hours, or days). This option would be used in combination with another action. For example, you could set the action to delay deleting or moving files in a tracking group for five days to allow for review before the move or delete occurs.

  • Delete: SkySync will delete files that belong to the tracking group.

  • Move: SkySync will move the files to a specified location. When you select this action, you need to specify the connection and directory where SkySync needs to move the files.

  • Remediate: SkySync will mark the files as remediated. This action indicates there is no other action required. This option will most often be used for files with a low risk level or files with no risk.

  • No labels