Data loss prevention

Data loss prevention (DLP) solutions identify and enforce policies to prevent the loss or misuse of sensitive data, whether at rest in a data center, in motion over the network, or in use on a laptop or desktop.
Data Loss Prevention (DLP) is a computer security term for systems that identify, monitor, and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions), and data at rest (e.g., data storage) through deep content inspection, contextual security analysis of transactions (attributes of the originator, data object, medium, timing, recipient/destination, etc.), and a centralized management framework. The systems are designed to detect and prevent the unauthorized use and transmission of confidential information.

Types of DLP systems

Network DLP

Network DLP systems can also be referred to as gateway-based systems. They are usually dedicated hardware/software platforms, typically installed at the organization's internet connection, that analyze network traffic to search for unauthorized information transmissions over channels including email, IM, FTP, HTTP, and HTTPS. They have the advantage of being simple to install and of providing a relatively low cost of ownership. Network DLP systems can also discover data at rest (data stored throughout the enterprise) to identify areas of risk where confidential data is stored in inappropriate and/or unsecured locations.

Host-based DLP systems

Host-based DLP systems run on end-user workstations or servers in the organization. Like network-based systems, host-based systems can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users. They can also control email and instant messaging communications before they are stored in the corporate archive, so that a blocked communication will not surface in a subsequent legal discovery process.

Data Identification

DLP solutions employ many techniques for identifying confidential or sensitive information. Sometimes confused with discovery, data identification is the process by which organizations use a DLP technology to determine what to look for. DLP solutions make use of multiple methods for deep content analysis, ranging from keywords, dictionaries, and regular expressions to partial document matching and fingerprinting. The power of the analysis engine directly correlates with its accuracy. The accuracy of DLP identification is important for lowering or avoiding false positives and negatives. Accuracy can depend on many variables, some of which may be situational or technological. Testing for accuracy is recommended to ensure a solution has virtually zero false positives/negatives.
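As an added example (not code from the original page or any DLP product), the following minimal content analysis engine combines the identification methods listed above: a keyword dictionary, a regular expression whose matches are confirmed with a Luhn checksum to cut false positives, and partial document matching via hashed word shingles. The keyword list, the protected document, and the shingle and match thresholds are constructed sample values.

```python
import hashlib
import re
from typing import List, Set

# Constructed sample policy inputs (not from the page).
KEYWORDS = {"confidential", "internal only", "do not distribute"}
PROTECTED_DOC = ("Project Falcon acquisition terms: offer price forty two "
                 "dollars per share subject to board approval and regulatory review.")
# 16-digit card-like numbers with optional space/dash separators. The regex
# alone over-matches (serial numbers, order ids), so every match is confirmed
# with the Luhn checksum before it counts as a hit.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def luhn_ok(digits: str) -> bool:
    """True if a digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def shingles(text: str, k: int = 5) -> Set[str]:
    """Fingerprint a document as the set of hashes of every k-word window."""
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

PROTECTED_FP = shingles(PROTECTED_DOC)

def classify(text: str, protected_fp: Set[str], min_shared: int = 3) -> List[str]:
    """Return the policy categories a message or file triggers."""
    hits = []
    low = text.lower()
    if any(kw in low for kw in KEYWORDS):
        hits.append("keyword")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.append("card_number")
    # Partial document match: enough shared shingles means an excerpt of the
    # protected document is present even when the surrounding text differs.
    if len(shingles(text) & protected_fp) >= min_shared:
        hits.append("partial_document_match")
    return hits

if __name__ == "__main__":
    msg = ("FYI here is the part you asked about: offer price forty two "
           "dollars per share subject to board approval. Thanks")
    print(classify(msg, PROTECTED_FP))  # ['partial_document_match']
```

Tuning `k` and `min_shared` trades recall for false positives; measuring both against a labelled sample is the accuracy test the paragraph recommends.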
