To begin securing the supported SaaS apps, you must connect them to Data Security by authenticating to the application using an administrator account (the specific privilege requirements vary from application to application). After you successfully authenticate, Data Security receives a token from the cloud app for establishing and maintaining a secure connection. Data Security then connects directly to the API for that app, which enables the scanning of all historical data that resides within the app, as well as continually monitoring modified or new data, and identifying policy violations and incidents.

To perform data discovery, Data Security gets metadata for all your files and folders on the application. Metadata includes file properties and attributes, and application-level metadata such as file owner, email recipients, and collaborators. For certain apps with structured data such as Salesforce, and messaging apps such as Slack, Facebook Workplace, and email apps, Data Security scans both structured and unstructured data. For all files such as attachments that are unstructured, the files are scanned and the metadata is always stored. Even though Data Security scans structured data, it does not store metadata for every field and message unless the field or message has some content that matches a data pattern defined on Data Security. This minimizes the privacy risk by storing all of your metadata.