data loss prevention (DLP)

What is data loss prevention (DLP)?

Data loss prevention (DLP) -- sometimes referred to as data leak prevention, information loss prevention and extrusion prevention -- is a strategy to mitigate threats to critical data. DLP is commonly implemented as part of an organization's plan for overall data security.

Using a variety of software tools and data privacy practices, DLP aims to prevent unauthorized access to sensitive information. It does this by classifying the different content types within a data object and applying automated protection policies.

A multilayered DLP strategy ensures sensitive information remains behind a network firewall. Creating a DLP plan also enables an organization to review and update its data storage and retention policies to maintain regulatory compliance.

The work-from-home trend, coupled with more sophisticated cyber attacks, underscores the growing interest in DLP. Research firm Gartner estimated that 90% of organizations implemented at least one form of integrated DLP in 2021, up from 50% in 2017.

[Figure: Data protection strategy diagram. Data loss prevention is one element of a broader data protection strategy.]

How does data loss prevention work?

DLP software monitors, detects and blocks sensitive data from leaving an organization. That means monitoring both data entering the corporate network and data attempting to exit it.

Most DLP software products focus on blocking actions. For example, if an employee tried to forward a business email outside the corporate domain against company policy, or to upload a corporate file to a consumer cloud storage service such as Dropbox, permission would be denied.

Also, DLP software can block employee computers from reading and writing to USB thumb drives to prevent unauthorized copying.

Detection primarily centers on monitoring incoming email, looking for suspicious attachments and hyperlinks used in phishing attacks. Most DLP software offers organizations the option of either flagging inconsistent content for staff to examine manually or blocking it outright.

In the early days of DLP, security teams set the rules around detection and blocking, but those were simplistic and often circumvented. Newer software uses machine learning-based artificial intelligence, which can learn and improve the approach to detection and blocking over time.
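
The rule-based blocking described above, as an added example (not code from this page or from any DLP product): a message body is classified by content type, and the message is denied when sensitive content is addressed outside the corporate domain. The domain `example.com`, the two patterns and the label names are assumptions chosen for illustration; the Luhn checksum keeps arbitrary digit runs from being flagged as card numbers.

```python
import re
from dataclasses import dataclass

CORPORATE_DOMAIN = "example.com"  # assumption: the organization's mail domain

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN layout (AAA-GG-SSSS); layout match only, no issuance validation.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> set:
    """Return the sensitive content types found in a message body."""
    labels = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            labels.add("financial")
    if SSN_RE.search(text):
        labels.add("pii")
    return labels


@dataclass
class Verdict:
    action: str     # "allow" or "block"
    labels: set     # content types that triggered the decision
    external: list  # recipients outside the corporate domain


def evaluate(recipients: list, body: str) -> Verdict:
    """Block sensitive content addressed outside the corporate domain."""
    labels = classify(body)
    external = [r for r in recipients
                if r.rsplit("@", 1)[-1].lower() != CORPORATE_DOMAIN]
    action = "block" if labels and external else "allow"
    return Verdict(action, labels, external)
```
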

[Figure: Common causes of software-as-a-service data loss. Data loss can happen in several different ways.]

Why is data loss prevention important?

Data loss can result in hefty fines and possibly criminal penalties. It also can negatively affect an organization's business and even put it out of business.

In 2017, the personal and financial information of nearly 150 million people was stolen from an unpatched Equifax database. The company failed to fix the vulnerability promptly, then failed to inform the public of the breach for weeks after it was discovered. In July 2019, the credit agency was fined $575 million.

Data loss could cause executives to lose their jobs. Top execs at Target and Equifax resigned following major data breaches that hurt their companies and cost them millions in fines.

If the fines don't kill a business, the loss of customer and public faith well might. A 2019 report by the National Cyber Security Alliance, based on a Zogby Analytics survey of 1,006 small businesses with up to 500 employees, found that 10% of companies went out of business after suffering a data breach, 25% filed for bankruptcy and 37% experienced a financial loss.

What are the types of data loss prevention?

Network DLP covers a range of data security techniques. These include the following:

  • Data identification. DLP is only useful if it is told what is and is not sensitive. Businesses should use an automated data discovery and classification tool to ensure reliable and accurate identification and categorization of data rather than leaving it to humans to decide.
  • Protecting data in motion. Data is moved around quite a bit internally, and external breaches often rely on this to reroute the data. DLP software can help ensure that data in motion is not routed someplace it should not go.
  • Protecting data at rest. This technique secures data when it is not moving, such as residing in databases, other apps, cloud repositories, computers, mobile devices and other means of storage.
  • Endpoint DLP. This type of DLP functionality protects data at the endpoint device level -- not just computers, but mobile phones and tablets as well. It can block data from being copied or encrypt all data as it is transferred.
  • Data leak detection. This technique involves setting a baseline of normal activity, then actively looking for unusual behavior.
  • Cloud DLP. DLP solutions have evolved to manage and protect critical data in software-as-a-service and infrastructure-as-a-service applications.
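
The baseline approach to data leak detection from the list above, as an added example (not code from this page or from any DLP product): each user's past daily upload volume forms the baseline, and today's volume is scored against it with the median and median absolute deviation so that one earlier spike does not distort the baseline. The user names, volumes, minimum history length and threshold are constructed assumptions.

```python
from statistics import median

MIN_DAYS = 7     # assumption: days of history needed before a baseline is trusted
THRESHOLD = 3.5  # assumption: cut-off for the modified z-score


def baseline(history):
    """Return (median, MAD) of past daily upload volumes in MB."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, mad


def assess(history, today):
    """Compare today's upload volume with the user's own baseline."""
    if len(history) < MIN_DAYS:
        return "no-baseline"   # route to manual review instead of guessing
    med, mad = baseline(history)
    scale = max(mad, 1.0)      # floor so a flat history cannot divide by zero
    score = 0.6745 * (today - med) / scale
    return "anomalous" if score > THRESHOLD else "normal"


# Constructed sample data: MB uploaded to external destinations per day.
HISTORY = {
    "alice": [120, 95, 130, 110, 105, 98, 125, 115, 102, 118],
    "bob":   [20, 25, 18, 22, 30, 21, 19, 24, 23, 26],
    "carol": [50, 60],
}
TODAY = {"alice": 140, "bob": 900, "carol": 5000}


def scan(history, today):
    """Return {user: status} for every user seen today."""
    return {u: assess(history.get(u, []), mb) for u, mb in today.items()}


if __name__ == "__main__":
    for user, status in scan(HISTORY, TODAY).items():
        print(user, status)
```
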

Common trends and reasons for DLP adoption

A 2022 Gartner report found that 35% of all DLP implementations fail. Such failure can lead to severe consequences for a business, including fines, penalties and degraded reputation. It's these types of factors that drive DLP adoption, including the following:

  • Cost. The average total cost of a data breach was $4.2 million in 2021, a 10% increase from 2020, according to a report by IBM and the Ponemon Institute.
  • Compliance. Expanding global regulations heighten the need for DLP to satisfy expansive laws and requirements on data governance.
  • Data volume. Companies produce more data than ever, and the data generates a great deal of value. Sophisticated hackers are on the prowl to find ways to steal data for profit, including identity theft, insurance fraud and other economic crimes.
  • Emergence of the chief information security officer (CISO). Companies are hiring professional security specialists such as CISOs to craft governance policies to secure intellectual property and other proprietary information. DLP is typically a significant part of these efforts.
  • Talent shortage. Skilled data security professionals are in high demand and difficult to find. To compensate, organizations often outsource DLP to vendors that provide managed IT services.
  • Wider attack surface. Cloud services, endpoint devices and third-party vendor tools are potentially vulnerable to ransomware and other cybersecurity threats.

Data loss prevention best practices

Organizations can take several steps to implement a DLP program, including the following:

  1. Conduct an inventory and assessment. Businesses can't protect what they don't know they have. A complete inventory is a must. Some DLP products -- from vendors such as Barracuda Networks, Cisco and McAfee -- will do a complete scan of the network.
  2. Classify data. Organizations need a data classification framework for both structured and unstructured data. Such categories include personally identifiable information (PII), financial data, regulatory data and intellectual property.
  3. Establish data handling and remediation policies. The next step after classifying the data is to create policies for handling it. This is especially true with regulated data or in areas with strict rules -- such as Europe with GDPR and California with CCPA.
  4. Implement a single, centralized DLP program. Many organizations implement multiple DLP plans across different departments and business units. This leads to inconsistency of protection and the lack of a full picture of the network. There should be one overarching program.
  5. Educate employees. Unintended actions are far more common than malicious intent. Employee awareness and acceptance of security policies and procedures are critical to DLP.

Data loss prevention tools and technologies

There are two types of DLP products: dedicated and integrated.

Dedicated products are standalone tools that are in-depth and complex. Integrated products are more basic, work with other security tools for policy enforcement and are less expensive than dedicated DLP tools.

DLP software products use business rules to enforce regulatory compliance and classify and protect confidential and critical information. This means unauthorized users cannot accidentally or maliciously share data that poses an organizational risk.

It's doubtful one tool will meet all of an organization's data loss prevention needs. Many DLP vendors have one area of focus, while others have suites of tools that fit together. Businesses can assemble a set of best-of-breed tools or use an all-in-one suite.

Some of the premier vendors include the following:

  • Broadcom's Symantec Data Loss Prevention. This enterprise-level DLP software covers endpoints, data center and cloud computing.
  • Check Point Data Loss. This tool focuses on breaches and data exfiltration.
  • CoSoSys Endpoint Protector. This is a dedicated all-in-one protector for Windows, Apple and Linux.
  • ManageEngine Device Control Plus. This is a dedicated endpoint protector focused on USB security.
  • McAfee Total Protection for DLP. This is a suite of six DLP products for discovery, monitoring and prevention.
  • SolarWinds Data Loss Prevention with Access Rights Manager. Despite the massive security breach, SolarWinds is widely viewed as one of the best DLP providers out there.
  • VikingCloud Endpoint Protection. This product focuses on insider risk, such as data theft and unauthorized internet use.

This was last updated in July 2022
