Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Use Tags
How to Manage Business Processes
How to Work with Data Assets and Targets
What is an Asset?What is a Target?How to Get Started with Data Asset InventoryData Assets and Targets - OverviewData Assets and Targets - Data AssetsHow to Use the SDV3™ DashboardExample Data Asset Inventory SetupHow to Create New Data AssetsHow to View Details About Data AssetsHow to Search for a Data AssetHow to View Target Details and Search for a TargetHow to Add a Cloud TargetHow to Add a Collaboration Tools TargetHow to Add a Database TargetHow to Add Jira Cloud as a Target using the Spirion AnyScan (CData) ConnectorHow to Add an E-Mail TargetHow to Create an Exchange Online TargetHow to Add a Remote Machine TargetHow to Add a Website TargetHow to Edit a TargetHow to Remove a TargetHow to Bulk Import TargetsHow to Bulk Assign Tags to TargetsHow to Manage a Target PermissionHow to Remove a Target PermissionWhat is Remediation?How do I Segment Targets Effectively in Spirion Sensitive Data Platform?How do I Assign Agents to Specific Target Segments?Can I Automate Agent Assignment based on Target Type?
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Release Notes
Reporting API
Customer Support Articles

How do I Segment Targets Effectively in Spirion Sensitive Data Platform?

Effective target segmentation in Spirion Sensitive Data Platform is the discipline of Blast Radius Control. By slicing your environment into manageable, logical units, you ensure that scans are predictable, results are actionable, and remediation is safe.

1. Segment by Business Unit or Ownership

Instead of scanning "All File Shares," segment them by the teams that own the data.

  • Why it works: When you find sensitive data in the Finance_Share, you know exactly who to notify.
  • Operational Benefit: You can assign different Playbooks to different business units (e.g., "Notify" for Marketing, but "Quarantine" for HR).

2. Segment by Risk Tier

Group your targets based on the sensitivity of the data they are likely to contain.

  • Tier 1 (High Risk): HR databases, executive mailboxes, and financial shares. Scan these frequently with a broad set of Data Types.
  • Tier 2 (Medium Risk): Departmental collaboration sites and general file servers. Scan these monthly.
  • Tier 3 (Low Risk): Public-facing web servers or temporary scratch space. Scan these quarterly.

3. Segment by Location or Path

For large repositories like SharePoint Online or massive NAS devices, use path-based slicing.

  • M365: Segment by Site Collection or specific Mailbox groups (for example, "Executive Mailboxes" vs. "General Staff").
  • File Shares: Instead of scanning \\Server\Root, create separate Targets for \\Server\Root\Legal and \\Server\Root\Projects.
  • Why it works: This prevents a single "unbounded" scan from running for days and potentially being throttled by the target system.

4. Segment by Agent Proximity

Assign targets to agents that are "network-close" to the data.

  • Example: Use a dedicated Windows agent in your London data center to scan London-based file shares.
  • Operational Benefit: This reduces network latency and prevents large amounts of data from crossing expensive or slow WAN links during the discovery phase.

5. Use "Pilot Groups" for New Policies

When introducing a new Data Type or a strong remediation action (like "Shred"), create a small "Pilot" target segment first.

  • The Strategy: Run the new policy against 10 representative endpoints or one small folder.
  • Why it works: This allows you to validate your detection accuracy and remediation logic before rolling it out to the entire enterprise.

Best Practices for Segmentation

  • Avoid "Unbounded" Scans: Never scan an entire enterprise target (for example, 5,000 mailboxes) in a single job. It makes troubleshooting nearly impossible if the scan fails at mailbox #4,001.
  • Leverage Search History: Smaller segments allow Spirion's Search History feature to work more effectively. Rescans of a small, segmented target will be much faster because the system can quickly identify and skip unchanged files.
  • Align with Reporting: Segment your targets in a way that matches how your leadership wants to see the data. If the CISO wants to see "Risk by Region," ensure your targets are segmented by North_America, EMEA, and APAC.

Summary Checklist

  1. Ownership: Does this segment have a clear data owner?
  2. Risk: Is the scanning frequency appropriate for this risk level?
  3. Performance: Is the segment small enough to complete within a standard maintenance window?
  4. Proximity: Is the assigned agent network-close to the target?

By mastering Blast Radius Control, you transform Spirion from a "one-time scanner" into a sustainable, enterprise-grade data governance program.

Was this article helpful?

Powered by Product Fruits