After you onboard a cloud app, you must initiate scanning on that cloud app so that Data Security can scan for policy violations and data exposure. When you initiate scanning—known as discovery or initial backward scan—Data Security scans all assets in the associated cloud app. During the discovery process, Data Security also matches the assets against enabled default policy rules and identifies incidents. The time required to complete the discovery process depends on the number of assets on your cloud app. However, as soon as you begin to see the assets populate on the Data Security Dashboard, you can assess incidents.

After the discovery process completes, Data Security periodically queries for scannable root entities (for example, user, channel, shared drive, etc.) that are not on its list of known entities, and this scan frequency depends on the SaaS app, taking into account optimal performance; however, Data Security scans most SaaS apps every 5 minutes and is able to do so without delay if Data Security hasn’t reached the rate limit. Each cloud app has unique entities for scanning purposes. When Data Security detects such entities, two distinct scan processes trigger automatically: