Policy Workflows (V2)

New Feature

What's New?

Policy Maker has a brand new look and a whole new way to build policies. The new Policy Workflows experience replaces the previous form-based interface with a visual, node-based workflow builder — making it dramatically easier to see, understand, and control exactly what your policies do.

Instead of filling out a flat form, you now build policies as a visual flowchart by dragging and connecting nodes — triggers, filters, alerts, actions, and outcomes — into a sequence that reflects exactly how you want findings handled. You can see the entire logic of your policy at a glance, and everything is clickable and configurable inline. Workflows can also branch based on end-user responses, so that different instances of an issue are handled appropriately depending on the context — for example, routing a false positive down a different path than a confirmed finding.

This is the same powerful Policy Maker you know, rebuilt from the ground up to be more intuitive, more transparent, and more powerful.

What's in a Policy?

A policy workflow is a visual representation of your policy's logic, structured as a linear flow from start to finish. Each policy is made up of:

Triggers — the conditions that detect a finding. These can be based on data sensitivity, accessibility, or data age (staleness). You can stack multiple trigger conditions together.
Filters (optional) — narrow the scope of the policy to specific subsets of data, such as a particular drive, file type, path, owner, or tag.
Alerts — notifications sent when a finding is detected, via Slack, email or Jira. You can alert a specific channel, a specific person, or the data owner directly.
Actions — automated remediations taken in response to a finding, such as revoking access, redacting data, quarantining a file, or tagging a resource.
Status — add a status node to your workflow to set the outcome state of the finding (e.g., "Open", "Resolved").

What's Available Now

Building Policies

Visual workflow builder — build your policy as a drag-and-connect node graph
Connector selection — each policy is scoped to one connector (e.g., Google Drive, S3, SharePoint, Snowflake, RDS, and more)
Trigger configuration — define what constitutes a finding based on sensitivity, accessibility, or staleness
Filter nodes — scope your policy to specific resources or data subsets
Multi-select data elements — pick multiple data elements at once when configuring triggers (e.g., SSN + Credit Card + Phone Number together)
Inline validation — the builder only shows you actions and alerts that are valid for the connector you've selected
Save and edit — policies can be saved, listed, and edited at any time

Alert Types

Slack alerts — notify a specific channel or the resource data owner directly via Slack DM
Email alerts — send email notifications when findings are detected; action buttons are supported in email for end-user responses
Jira alerts — create Jira tickets for findings (alert-only for now; end-user actions via Jira coming soon)

Actions

Available actions vary by connector. Commonly supported actions include revoking access, redacting data elements, tagging resources, quarantining files, and reporting false positives or business justifications via Slack.

Findings View

Alongside the new workflow builder, a brand new Findings View is being built to give you a much richer picture of what your policies are detecting. The Findings View is currently in active development and will include:

Findings overview tab — a summary of all findings across your policies, with severity, policy type, and framework tagging
Findings over time graph — visualize how your findings count changes week over week
Data Store view — see findings organized by the data stores where they were detected
Resource view — drill into individual resources that are in findings, with full details including data elements, permissions, and a Prism summary
Resource details modal — a rich detail panel on any finding showing the overview, permissions, and all findings for that resource

How to Use Policy Workflows

Navigate to Policy Maker V2

In the left-hand navigation, find and click Policy Maker V2.

Create a New Policy

Click Create policy to open the workflow builder.

Select a Connector

Choose the connector this policy will apply to — for example, Google Drive, S3, SharePoint, or Snowflake. Each policy is tied to one connector, and the available triggers, filters, and actions will update based on your selection.

Add Triggers

Add one or more trigger conditions that define what constitutes a finding. Triggers fall into three categories:

Sensitivity — triggered when classified data (e.g., PII, PHI, financial data) is detected
Accessibility — triggered by access findings (e.g., a file shared externally or publicly)
Staleness — triggered by data age (e.g., last accessed more than 90 days ago)

You can combine multiple trigger conditions within a single policy.

Build Your Workflow

After adding at least one trigger, the workflow graph unlocks. From here, you can add nodes by clicking the + button and selecting the node type:

Add a Filter node to narrow down which resources the policy applies to
Add an Alert node to send notifications (Slack, email, or Jira) when a finding is found
Add an Action node to take automated remediation steps
Add additional Status or Alert nodes as needed

Connect nodes together to define the order of operations. Keep in mind:

The workflow must follow a single linear path — no branching
The path must end with a Status node — even if set to "Open"

Save and Activate

Click Save to store the policy. It will appear in the Policy Maker V2 policies list. From there, you can:

Edit the policy at any time by clicking its name
Enable automated execution so the policy runs continuously

Tips for Getting the Most Out of Policy Workflows

Use filters to reduce noise. If a policy is catching too many things, add a filter node to narrow the scope — for example, scope to a specific drive, site, or file type.
Alert before you act. A good pattern is to start with alerts only, monitor for a week or two, then add automated actions once you're confident in the policy's accuracy.
Stack multiple trigger conditions. You can add multiple trigger conditions to a single policy, which gives you more precise control over what gets flagged.

Common Policies to Get Started

Not sure where to begin? Here are the most common policy types we tend to see, organized by use case. These cover the scenarios that matter most to security, compliance, and data governance teams.

Data Exposure & Access Control

These policies detect sensitive data that has been shared too broadly.

Externally shared files with sensitive data Detect files containing PII, financial data, or credentials that are shared with external users or domains.

Trigger: Sensitivity (High or Critical) + Accessibility (external users have access)
Actions: Slack alert to data owner → revoke external access

Public link access Detect sensitive files accessible via "anyone with the link."

Trigger: Accessibility (public/anonymous link) + Sensitivity (any)
Actions: Slack alert to a security channel → disable public link

Domain-wide access Detect sensitive files shared with your entire organization — files that anyone in the company can access.

Trigger: Accessibility (org-wide or domain-wide sharing) + Sensitivity (High or Critical)
Actions: Slack alert to a security channel → restrict access to specific users or groups

Personal email sharing Detect files shared with personal email domains (Gmail, Yahoo, etc.).

Trigger: Accessibility (shared with personal domains) + Sensitivity (High or Critical)
Actions: Alert data owner via Slack or email

Data Retention & Stale Data

Enforce data lifecycle requirements and help reduce data sprawl.

Stale files with sensitive data Find old files that still contain sensitive data and haven't been accessed in years.

Trigger: Staleness (last accessed > 3 years) + Sensitivity (Medium or above)
Actions: Email alert to data owner → archive or delete

Dormant database tables Identify database tables (Snowflake, RDS) that haven't been accessed in 90+ days.

Trigger: Staleness (last accessed > 90 days)
Actions: Slack alert to data owner

PII & Sensitive Data Detection

Policies focused on finding specific sensitive data elements, regardless of sharing status.

SSN / Government ID detection Find resources containing Social Security Numbers, driver's licenses, or passports.

Trigger: Data element is SSN, Driver's License, or Passport
Actions: Slack or email alert → tag resource for review

Financial data detection Detect credit card numbers, bank account numbers, or financial documents.

Trigger: Data element is Credit Card Number, Bank Account, or Financial category
Actions: Alert security channel

Credentials & secrets Find API keys, passwords, tokens, or PEM files stored in files or code.

Trigger: Data element is Password, API Key, or Secret category
Actions: Slack alert → quarantine or redact

Automated Remediation

For teams ready to move beyond detection, these policies take direct action when findings are found. We recommend starting with alerts-only and running a dry run before enabling automated actions.

Auto-quarantine sensitive messages (Slack) Automatically quarantine Slack messages containing government IDs, SSNs, or credit card numbers.

Trigger: Data element is SSN, CCN, or Government ID
Actions: Quarantine message → notify user via Slack DM

Redact PII in support tickets (Zendesk) Automatically redact customer PII from closed or solved support tickets.

Trigger: Data element category is Profile or Financial
Filter: Ticket status is Closed or Solved
Actions: Redact data elements

Revoke access on externally shared sensitive files Automatically remove external access on files containing critical data.

Trigger: Accessibility (external users) + Sensitivity (Critical)
Actions: Revoke external access → notify data owner

Compliance Framework Policies

Policies tied to specific regulatory requirements.

SOC 2 — Access control monitoring Detect sensitive data with overly permissive access, supporting SOC 2 access control criteria.

Trigger: Accessibility (public or external) + Sensitivity (High or Critical)
Actions: Alert security team

HIPAA — PHI in unauthorized locations Detect protected health information stored outside approved systems.

Trigger: Data category is Medical/PHI
Filter: Exclude approved storage locations
Actions: Alert compliance team

PCI DSS — Credit card data handling Monitor for credit card data appearing in unapproved connectors or locations.

Trigger: Data element is Credit Card Number or CVV
Actions: Alert security channel → redact or quarantine

Feedback

Policy Workflows is new and the team is actively iterating. If you encounter issues, have questions about what's supported for your connector, or want to share feedback, please reach out to your Customer Engineer.

PreviousPolicy Maker NextAPI Service

Last updated 0 minutes ago

Was this helpful?

hashtagWhat's New?

hashtagWhat's in a Policy?

hashtagWhat's Available Now

hashtagBuilding Policies

hashtagAlert Types

hashtagActions

hashtagFindings View

hashtagHow to Use Policy Workflows

hashtagNavigate to Policy Maker V2

hashtagCreate a New Policy

hashtagSelect a Connector

hashtagAdd Triggers

hashtagBuild Your Workflow

hashtagSave and Activate

hashtagTips for Getting the Most Out of Policy Workflows

hashtagCommon Policies to Get Started

hashtagData Exposure & Access Control

hashtagData Retention & Stale Data

hashtagPII & Sensitive Data Detection

hashtagAutomated Remediation

hashtagCompliance Framework Policies

hashtagFeedback