Data Governance policies may be used to manage the data targets (mailboxes, SharePoint content, file shares, etc.) that are linked to Discover. These polices can be configured to support a wide variety of business processes from discovering sensitive information to enforcing retention criteria. Policies are made up of:
A workflow - which determines the actions that will be taken
Data Targets– either people, devices or groups (Discover offers several grouping mechanisms)
An optional schedule - Policies may be run on-demand or they may be configured to run on a recurring basis according to a schedule
From an operational perspective, when a policy is started (either manually or via schedule) it results in a request being queued for each Connector. Each Connector periodically polls Discover to determine if there is a database request pending for one of the Agents that it manages; it is important to note that the Connector is responsible for initiating all communications with the cloud. Initiating communications from the Connector minimizes the need for custom firewall settings and helps alleviate concerns over possible tampering with a communication session.
When a Connector check-in occurs and there is a policy waiting for one of its Agents, the policy manifest is downloaded for local execution. The agent then attaches to the designated managed target (e.g. mailbox), applies the business logic outlined in the policy workflow and forwards appropriate results (reports, log files, etc.) back to the Connector, which in turn transfers that information back to the hosted environment. After all of the Agents assigned to a policy have either reported in or exceeded a timeout period, the policy is marked as complete and the log files are transferred from the Connectors to the Discover dashboard, providing a complete audit trail.
You can learn more about the components of Discover’s Data Governance module by clicking on any of the following links:
Discover policies utilize workflows to map out the sequence of steps that will take place when a policy is executed. Workflows are developed using either the simplified web editor or a desktop application called the Workflow Editor which is available from the Discover download center. This editor provides a flowchart-like interface for designing complex workflows. The diagram below shows the web view of a workflow that is designed to create an inventory report of files exceeding 5 MB in size.
The Workflow Editor communicates with the Discover dashboard, allowing authorized users to save workflows to the hosted site or download workflows created in the web editor for additional edits. Once a workflow has been saved to the dashboard, it becomes available to be used for a policy.
A policy provides the implementation package for each Discover workflow. When creating a policy, clients provide instructions on how the workflow should be executed (for example run in live or test mode), what data targets the workflow should process (i.e. workstations, mailboxes, file shares, etc.) and whether the policy should be triggered automatically on a scheduled basis.