Data loss prevention (DLP) refers to the identification and monitoring of sensitive data to ensure that it’s only accessed by authorized users and that there are safeguards against data leaks. Major insider threats as well as more stringent state privacy laws triggered the adoption of DLP in 2006.
DLP is a method of inspecting and keeping sensitive data from leaving the allowed perimeter. DLP systems are only concerned with the data passing over some kind of perimeter gateway device, such as through emails, instant messages and Web 2.0 applications.
DLP has the following key features:
- It is configurable with automated remediation. From a financial perspective, this can significantly reduce the expense associated with remediation. Automatic remediation may differ depending on the kind of activity involved. For instance, the user may opt to encrypt, quarantine, block and/or notify the sender in the event of an email. The majority of the functions mentioned earlier could be completed using a protected email product.
- It is able transfer data to a safe location if the data is found to be located in an unprotected area.
- It removes the need for manual user lookups through the use of LDAP server/active directory. This feature is common among all DLP manufacturers.