Data loss prevention, or DLP, is a set of technologies, products, and techniques that are designed to stop sensitive information from leaving an organization.
Data can end up in the wrong hands whether it’s sent through email or instant messaging, website forms, file transfers, or other means. DLP strategies must include solutions that monitor for, detect, and block the unauthorized flow of information.
DLP technologies use rules to look for sensitive information that may be included in electronic communications or to detect abnormal data transfers. The goal is to stop information such as intellectual property, financial data, and employee or customer details from being sent, either accidentally or intentionally, outside the corporate network.
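The rule-based inspection described above can be sketched as follows. This is an added example, not code from the original page or from any DLP product; the rule names, patterns, actions, and sample messages are constructed assumptions. It shows two details that matter in practice: validating card-number candidates with the Luhn checksum to cut false positives, and masking matches so the alert itself does not leak the data.

```python
import re

# Constructed rule patterns; real rule sets are broader and tuned per organization.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
MARKER_RE = re.compile(r"\b(?:confidential|internal only)\b", re.IGNORECASE)

def luhn_ok(candidate):
    """Checksum used by payment card numbers; filters out random digit runs."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value):
    """Hide all but the last four digits so findings are safe to log."""
    return re.sub(r"\d(?=(?:\D*\d){4})", "*", value)

# (rule name, pattern, optional validator, action on match)
RULES = [
    ("payment_card", CARD_RE, luhn_ok, "block"),
    ("us_ssn", SSN_RE, None, "block"),
    ("classification_marker", MARKER_RE, None, "alert"),
]

def inspect(text):
    """Return (verdict, findings) for one outbound message body."""
    findings = []
    for name, pattern, validator, action in RULES:
        for m in pattern.finditer(text):
            if validator is None or validator(m.group()):
                findings.append((name, action, mask(m.group())))
    actions = {action for _, action, _ in findings}
    verdict = "block" if "block" in actions else "alert" if actions else "allow"
    return verdict, findings

if __name__ == "__main__":
    for body in (  # constructed sample messages
        "Card for the invoice: 4111 1111 1111 1111",
        "Order ref 1234 5678 9012 3456 shipped",
        "Internal only: roadmap draft attached",
    ):
        print(inspect(body))
```

The second sample contains a 16-digit number that fails the Luhn check, so it is allowed through rather than flagged as a card number.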
The proliferation of business communications has given many more people access to corporate data. Some of these users can be negligent or malicious. The result: a multitude of insider threats that can expose confidential data with a single click. Many government and industry regulations have made DLP a requirement.
One class of DLP technologies secures data in use, defined as data that is being actively processed by an application or an endpoint. These safeguards usually involve authenticating users and controlling their access to resources.
When confidential data is in transit across a network, DLP technologies are needed to make sure it is not routed outside the organization or to insecure storage areas. Encryption plays a large role in this step. Email security is also critical since so much business communication goes through this channel.
Even data that is not moving or in use needs safeguards. DLP technologies protect data residing in a variety of storage media, including the cloud. DLP can place controls to make sure that only authorized users are accessing the data and to track their access in case it is leaked or stolen.