Scanning an app's data

  • 3 minute(s) read
Prev Next

Overview

Account admins on the Enterprise plan can use the data scanner to identify potentially sensitive data in apps. The scanner can detect 9 predefined data types, as well as provide the ability to create custom data types using regular expressions.

  • Predefined data types:

    • Names

    • Geographical locations

    • US bank account numbers

    • Individual taxpayer identification numbers (ITIN)

    • Social Security numbers

    • Email addresses

    • Phone numbers

    • International bank account numbers (IBAN)

    • URLs

  • Custom data types - see Using custom search in Sensitive Data Scanner for more information

Accessing the data scanner

  1. Navigate to the Apps page in the Admin Console.

  2. Find the app you would like to scan. Click the View link in the Data Scanner column.

  3. On the Scan history page, click Start scan.

    • The button will change to show you that the scan is in progress.

    • Refresh the page every so often to see if the scan is complete. The speed of the scan depends on the size of the app. An app with 1 GB of data will take about 6 hours to scan.

Viewing scan results

When a scan is complete, it will show on the Scan history page. On this page, you will be able to see the following details:

  • Scan completion time

  • Data classification assigned to the app at time of scan

  • If the app was open to the internet at time of scan

  • How many records were flagged as containing potentially sensitive data

  • Scan configuration and the name of the configuration at the time of scan.

  • Probability that those records contain sensitive data

    • Quickbase uses regular expressions and AI to identify potentially sensitive data. The probability shown reflects how accurate the AI is. If you see that 272 records have been marked as "high" probability, that means we are at least 80% confident that the data has been flagged correctly. We will not flag any records that have less than a 30% probability of being flagged correctly. 

mceclip0.png

To see more details about each scan, click on the scan completion time to open the Scan details page. 

On the Scan details page, you will see the following details:

  • What type of sensitive data was identified

  • How many records were flagged for each data type

  • The table name and ID for each record

mceclip1.png

To see more details about each flagged record, export the CSV of the scan results. This also allows you to analyze the results more closely. Click on Table ID to view the table where this data was found.

To download the CSV, go to the Scan details page. Click on the Export scan to CSV link in the Page bar.

The CSV will show:

  • App ID

  • Table ID and name

  • Field ID and name

  • Record ID

  • The type of sensitive data identified

  • Probability

Understanding scan results

The sensitive data scanner is an automated tool that uses regular coding expressions and artificial intelligence (AI). Because it relies on AI, we cannot guarantee that it is identifying 100% of sensitive data correctly.

To help you understand how to prioritize and read scan results, we provide the probability that the records contain sensitive data. We label the probability as high, medium, or low:

  • High – 80% - 100% probability sensitive data was correctly identified

  • Medium – 50% - 80% 

  • Low – 30% - 50% 

We do not show any results with a probability lower than 30%.

Storing scan results

Quickbase only stores scan results for 31 days after the initial scan. Download scan results as a CSV to have access to them beyond the 31 days.

Scan limits

  • Each realm can run a total of 100 scans per month

  • You can scan up to 10 GB of data per month

  • You can only have a single scan running on an app at a time

  • Languages outside of English are not supported

  • The scan will only look at these field types:

    • Text

    • Text – Multi-line

    • Text – Multiple Choice

    • Rich Text

    • Multi-select Text

    • Numeric

  • Fields that hold data larger than 150kb will be skipped by the scanner

Best practices for scanning your app

It may take up to 6 hours to scan your app. Because the scan adds extra traffic to your app, it could impact app performance. 

  • Try to scan your app outside of normal business hours to reduce impact to app users

  • If you have used multiple custom rules as part of the configuration to scan your app, scan time will be impacted. 

If a scan takes multiple hours, the scan will only flag records that contain sensitive data before they are scanned. This means that if a scan takes multiple hours, Record ID #1 may be scanned at the very beginning. When the scan starts it may not contain any sensitive data. However, if someone adds data to Record ID #1 after it has already been scanned, it will not be flagged. 

As much as possible, try not to add new data to records while the scan takes place.