Workflow Policy

This policy includes conditions such as sensitive tags, a maximum file size (e.g., 1 MB), and file types to exclude (e.g., image).

  • If any of the alert conditions are met, the file is moved to the quarantine location.

  • (Optional) If encryption is enabled and any sensitive tag is found, then the column with the sensitive tag is encrypted.

Note

For nested files, encryption is supported only for primitive data types, not complex data types.

Supported Data Sources

The following data sources are supported for the Workflow without Encryption policy:

  • AWS S3
  • AZURE ADLS
  • GCP GCS

The following data sources are supported for the Workflow with Encryption policy:

  • AWS S3
  • AZURE ADLS

Supported File Formats

For the supported file formats on which the policy can be applied, see Matrix for Supported File Formats.

The following fields are included in the Workflow policy:

  • Name: This field indicates the name of the Workflow policy.

  • Type: This field indicates the type of the Workflow policy.

  • Alert Level (Optional): This field indicates the level of alert: High, Medium, or Low.

  • Description (Optional): This field contains the description for the Workflow policy.

  • Status: This field indicates whether the policy is enabled or disabled. It is enabled by default.

  • Application: This field specifies the data source from which the scanned resources can be accessed and where the Workflow policy will be applied.

  • Transfer Location (Optional): This field specifies the location to which the input file is transferred if none of the alert conditions are met.

  • Quarantine Location: This field specifies the location where the input file is moved if any of the alert conditions are met.

  • Archive Location (Optional): This field specifies the location where a copy of the original file is moved before any tagged records are removed from it.

  • Search for tags: The tags specified in this field help in identifying and classifying records that will be tagged and then expunged.

  • Apply Encryption Schemes: This field appears when you select the Encrypt Data checkbox. It is populated with the names of the schemes that have been added to the application's Scheme section. To view the schemes, expand Encryption & Masking in the left menu, and then select Schemes.

  • Max File Size (MB): This field excludes files based on file size and raises an alert if the condition is met.

  • Exclude File Types: This field excludes the files based on file type and raises an alert if the condition is met.

The workflow policy provides two options:

  • Workflow Policy without Encryption

  • Workflow Policy with Encryption

Workflow Policy without Encryption

The status of the workflow policy is enabled by default. If you do not want to encrypt your data, clear the Encrypt Data checkbox.

Add a Resource in the Data Zone

To add a resource to a data zone, see Add Resources.

When you run a scan on a data zone and any of the alert conditions are met (matching sensitive tags, file size exceeding the maximum limit, or excluded data type), the file is moved to the quarantine location.

If none of the conditions (sensitive tags, file type, and file size) are met and you have specified a transfer location, the file will be moved there.

Workflow Policy with Encryption

If you want to encrypt data, select the Encrypt Data checkbox.

Add a Resource in the Data Zone

To add a resource to a data zone, see Add Resources.

When you run a scan on a data zone and any of the alert conditions are met (matching sensitive tags, file size exceeding the maximum limit, or excluded data type), the column with the sensitive tag is encrypted and the file is moved to the quarantine location.

If none of the alert conditions are met and you have specified a transfer location, the file will be moved there.

If you have specified an archive location, the file will be moved there before being encrypted.
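
The routing rules for both policy options can be checked before a policy is enabled with a small dry-run model such as the one below. This is an added example, not product code: the WorkflowPolicy class, validate, plan, and the action names are hypothetical, and the bucket paths are constructed placeholders. It assumes Quarantine Location must be set (the page does not mark it optional) and that the archive copy is taken only when encryption will run.

```python
from dataclasses import dataclass
from typing import Optional

# Data sources the page lists for each policy option.
SOURCES_WITHOUT_ENCRYPTION = {"AWS S3", "AZURE ADLS", "GCP GCS"}
SOURCES_WITH_ENCRYPTION = {"AWS S3", "AZURE ADLS"}

@dataclass
class WorkflowPolicy:  # hypothetical model of the form fields, not a product API
    data_source: str
    quarantine_location: str
    search_tags: set
    max_file_size_mb: float
    exclude_file_types: set
    encrypt_data: bool = False
    transfer_location: Optional[str] = None
    archive_location: Optional[str] = None

def validate(policy):
    """Return configuration problems; an empty list means none were found."""
    problems = []
    allowed = SOURCES_WITH_ENCRYPTION if policy.encrypt_data else SOURCES_WITHOUT_ENCRYPTION
    if policy.data_source not in allowed:
        problems.append(f"{policy.data_source} is not supported for this policy option")
    if not policy.quarantine_location:
        problems.append("Quarantine Location is not set")
    return problems

def plan(policy, file_tags, size_mb, file_type):
    """Return the ordered actions expected for one scanned file."""
    hits = sorted(policy.search_tags & set(file_tags))
    alert = (bool(hits) or size_mb > policy.max_file_size_mb
             or file_type in policy.exclude_file_types)
    if not alert:
        # No alert condition met: transfer only if a location was specified.
        return [("transfer", policy.transfer_location)] if policy.transfer_location else []
    actions = []
    if policy.encrypt_data and hits:
        if policy.archive_location:
            # Assumption: the archive copy is taken only when encryption will run.
            actions.append(("archive", policy.archive_location))
        actions.append(("encrypt_tagged_columns", hits))
    actions.append(("quarantine", policy.quarantine_location))
    return actions

if __name__ == "__main__":
    # Constructed sample policy and file; bucket paths are placeholders.
    p = WorkflowPolicy("AWS S3", "s3://example-quarantine/", {"SSN"}, 1, {"image"},
                       encrypt_data=True, archive_location="s3://example-archive/")
    print(validate(p), plan(p, ["SSN", "EMAIL"], 0.4, "csv"))
```

Note that a file quarantined only for size or type has no tagged column, so the model plans no encryption for it even when Encrypt Data is selected.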