
Stale Data

As a general rule, File Access Manager bases its stale data calculations on the activity data it gathers. This may include read activity, if such activity is audited for the application type.

In cases where no activity data are available for the resource, the stale data calculation is based on the last access date tracked by the operating system. If such a date is not available, the initial collection date is considered as the last access timestamp. This is the case for all resources when we start the collection process.

Note

The method for recording the last accessed date may differ between application types, and according to the operating system's support for last access tracking. For example, most SMB/CIFS-enabled file systems disable last access tracking for read activity by default due to performance considerations.

Detecting Stale Data

File Access Manager offers Stale Data detection capabilities, to help organizations identify clusters of unused data, based on real activity-based usage data, as well as file-level metadata. Stale Data information is important in guiding organizations' governance efforts.

Understanding where stale data reside can lead organizations to areas where access is granted unnecessarily, and data is kept and maintained without being used, which can be exploited by attackers. Stale Data is often forgotten and overlooked during the governance process, precisely because it is not being used. Some of this data may be sensitive, available on company resources as a sitting duck, increasing the likelihood of an incident or a breach.

Remediating stale data, by archiving, deleting or otherwise handling it, can reduce the organization's attack surface, as well as reduce hosting costs. Information about the unused data in File Access Manager is aggregated to surface clusters of stale data, with the lowest level of granularity being a business resource (effectively, a folder). Information about stale data is available now as part of the Resources views under the Stale Data tab, in Stale Data and Resource Usage report, and in forensics views.

As part of the File Access Manager resource discovery task, the crawl now collects and aggregates the number and total size of stale files (files that have not been accessed for X long) within a folder. These numbers (the number of stale files and the size of stale files) include all of the resource's sub-resources; the calculation is based on folders, not on individual files.

Stats will be calculated for all resources whose last accessed date is older than 3 months.

The following information about the stale data will be added to the resource and will be presented in both the Resources tab Data View and the Resource Explorer:

  • File size
  • File count
  • Percentage of stale data
  • Stale data size
  • Stale data file count
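
The folder-level roll-up and last-access fallback order described above, as an added Python example (not File Access Manager's own code). Assumptions: a month is 30 days, the percentage is computed by size, an atime of 0 stands for "no OS last-access date", `activity` is a hypothetical mapping of file path to last audited access time, and the sample tree is constructed.

```python
import os
import tempfile
import time
from collections import defaultdict

SECONDS_PER_MONTH = 30 * 24 * 3600  # assumption: one month = 30 days

def last_access(path, st, activity, collected_at):
    """Activity data first, then OS atime (0 = not recorded, an assumption), then collection date."""
    if path in activity:
        return activity[path]
    return st.st_atime if st.st_atime > 0 else collected_at

def aggregate_stale(root, months=3, now=None, activity=None):
    """Return {folder: totals}; each folder's totals include its sub-folders."""
    now = time.time() if now is None else now
    activity = activity or {}
    cutoff = now - months * SECONDS_PER_MONTH
    stats = defaultdict(lambda: dict(files=0, size=0, stale_files=0, stale_size=0))
    root = os.path.abspath(root)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            stale = last_access(path, st, activity, now) < cutoff
            folder = dirpath
            while True:  # roll the file up into every ancestor folder up to root
                s = stats[folder]
                s["files"] += 1
                s["size"] += st.st_size
                s["stale_files"] += stale
                s["stale_size"] += st.st_size if stale else 0
                if folder == root:
                    break
                folder = os.path.dirname(folder)
    for s in stats.values():  # assumption: percentage of stale data is by size
        s["stale_pct"] = round(100 * s["stale_size"] / s["size"], 1) if s["size"] else 0.0
    return dict(stats)

def build_sample_tree(now):
    """Constructed sample: fresh.txt, old/a.log (6 months), old/b.log (12 months)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "old"))
    for rel, size, age in [("fresh.txt", 100, 0), ("old/a.log", 300, 6), ("old/b.log", 600, 12)]:
        path = os.path.join(root, *rel.split("/"))
        with open(path, "wb") as fh:
            fh.write(b"x" * size)
        os.utime(path, (now - age * SECONDS_PER_MONTH,) * 2)  # set atime and mtime
    return root
```

Passing an `activity` entry for a file overrides its OS timestamp, which shows why a share with last access tracking disabled can report different stale totals once audited activity is available.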

The following applications support the stale data task:

  • Windows File Server
  • NetApp
  • EMC-Isilon
  • EMC-Celerra
  • EMC-Unity
  • HDS
  • Azure File
  • CIFS

Archiving Stale Data

  1. Navigate to Admin > Application. On the desired CIFS application, select the more option button and then select Manage Resources.
  2. If you have Administrator permissions, select Archive Stale Data.

    The Archive Stale Data window appears.

  3. From the Number of months for Stale dropdown, select the number of months after which resources and files that have not been touched are considered stale. The default is 12.

  4. Is dry run? is enabled by default. If kept enabled, the task writes a list of the files that need to be moved to a log file. If disabled, the task moves all stale files.
  5. Select Save to update the database with the number of months.
  6. Select Run Task to start the archive stale data task.
  7. Progress of the task can be tracked by selecting the Views Task Status link.
  8. Once the task is completed, Admins can retrieve the archived files log by searching in their SailPoint log folder.
  9. Search for the "PermissionsCollection.Archive Stale Data Successful Documents Details.csv" file.

    This will include the list of files that will be moved to the "Archived Files (FAM)" folder by the task when Dry Run is disabled.

Stale Data Report

To get an updated list of stale data in your system, configure and run the stale data report.

  1. Go to Reports > Templates.

  2. Search for “Stale Data” to find the report template.

  3. To configure the stale data report, select “Duplicate Template” from the dropdown menu on the report template.

  4. Configure the report:

    • Classification category

    • Last used (months) - time definition of stale data for this type of data. Default: 6 months

    • Resource minimal size (MB). Default: 0

    • Scope type - by application or folder name

    • Additional tags - to help find this report

  5. Choose to schedule or run the report now.

  6. Select Save to save and run the report according to the schedule.