What Is Data Loss Prevention (DLP)?

Data loss prevention, or DLP, is a set of technologies, products, and techniques that are designed to stop sensitive information from leaving an organization.

Data can end up in the wrong hands whether it’s sent through email or instant messaging, website forms, file transfers, or other means. DLP strategies must include solutions that monitor for, detect, and block the unauthorized flow of information.

How does DLP work?

DLP technologies use rules to look for sensitive information that may be included in electronic communications or to detect abnormal data transfers. The goal is to stop information such as intellectual property, financial data, and employee or customer details from being sent, either accidentally or intentionally, outside the corporate network.

Why do organizations need DLP solutions?

The proliferation of business communications has given many more people access to corporate data. Some of these users can be negligent or malicious. The result: a multitude of insider threats that can expose confidential data with a single click. Many government and industry regulations have made DLP a requirement.
Learn more

Types of DLP technologies

DLP for data in use

One class of DLP technologies secures data in use, defined as data that is being actively processed by an application or an endpoint. These safeguards usually involve authenticating users and controlling their access to resources.

DLP for data in motion

When confidential data is in transit across a network, DLP technologies are needed to make sure it is not routed outside the organization or to insecure storage areas. Encryption plays a large role in this step. Email security is also critical since so much business communication goes through this channel.

DLP for data at rest

Even data that is not moving or in use needs safeguards. DLP technologies protect data residing in a variety of storage mediums, including the cloud. DLP can place controls to make sure that only authorized users are accessing the data and to track their access in case it is leaked or stolen.