An organization needs to make sure sensitive data like company confidential information or data collected from customers do not get shared outside the internal network without legitimate reasons. Sometimes sensitive data get shared outside the company network purposefully because of internal threats. And, sometimes it happens accidentally by ignorant employees. A company needs to prevent its employees from sharing sensitive data accidentally or purposefully. Data Loss Prevention is a solution or process that is used for that purpose.
What is Data Loss Prevention ?
Data Loss Prevention or DLP is a strategy to make sure that end users do not send sensitive data or critical information outside the corporate network intentionally or accidentally. Sensitive data may include confidential data like Intellectual Property or corporate data like financial documents, strategic planning document, employee information and customer data like Social Security Number, credit card number, medical records etc.
DLP can be effectively used to prevent insider threats as well as to comply with rigorous state privacy laws.
How can Data Loss Prevention be done ?
Data loss can be prevented in various ways. Standard security measures include firewalls, IDPS and anti-virus solutions. They are commercially available products that can prevent insider threats and outsider attacks.
Advanced measures may include using Machine Learning to detect and prevent abnormal access of sensitive data. Honeypots (What is a Honeypot ?) and user activity monitoring solutions also can be used for that purpose.
Often designated Data Loss Prevention systems are used to detect and prevent data loss. These DLP solutions use mechanisms like data matching, data fingerpriting, statistical methods etc to prevent unauthorized sharing of sensitive data whether done accidentally or purposefully.
Sensitive data can reside on various computing devices like physical servers, virtual servers, databases, file servers or endpoint devices like computers, POS devices (What is POS malware and how to prevent it ?) etc. It can also move through various network access points like wireless, VPNs etc. Thus a variety of solutions can be used to prevent data loss, data leaks and data recovery.
Data Loss Prevention solution can identify confidential data, track the data as it moves outside the enterprise network and prevent unauthorized disclosure using disclosure policies. It uses business rules to classify and protect sensitive data.
How does Data Loss Prevention technology work ?
A DLP solution has to first identify sensitive data in order to prevent data losses. This can be done using various techniques.
Sensitive data in fact can be of two types – structured and unstructured. Structured data are data that …