Data loss prevention (DLP) is a concept that refers to the monitoring of data in use, data in motion, and data at rest. A DLP system performs content inspection and is designed to prevent unauthorized use of data as well as prevent the leakage of data outside the computer (or network) in which it resides. DLP systems can be software- or hardware-based solutions and come in the following varieties:
Endpoint DLP systems
These systems run on an individual computer and are usually software-based. They monitor data in use, such as e-mail communications, and can control what information flows between various users. These systems can also be used to inspect the content of USB-based mass-storage devices or block those devices from being accessed altogether by creating rules within the software.
Network DLP systems
These can be software- or hardware-based solutions and are often installed on the perimeter of the network. They inspect data that is in motion.
Storage DLP systems
These are typically installed in data centers or server rooms as software that inspects data at rest.
Cloud-based DLP systems
Cloud-based DLP solutions are offered by most cloud providers to protect against data breaches and misuse of data. These often integrate with software, infrastructure, and platform services, and can include any of the systems mentioned previously. Cloud-based DLP is necessary for companies that have increased bring your own device (BYOD) usage, and that store data and operate infrastructure within the cloud.
As with HIDS solutions, DLP solutions must be accurate and kept updated to reduce the number of false positives and false negatives. Most systems alert the security administrator when there is a possibility of data leakage. However, it is up to the administrator to determine whether the threat was real.
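The content-inspection step and the false-positive problem described above, as an added example that is not part of the original post: a small DLP rule that finds card-number-shaped digit runs in outbound text and uses a Luhn check to separate likely real numbers from look-alikes (such as a parcel tracking number), leaving the low-confidence hits for the administrator to judge. The rule names, the sample messages and the masking format are constructed for this example.

```python
import re
from dataclasses import dataclass

# Candidate primary account numbers: 13 to 19 digits, optionally split by
# single spaces or dashes, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


@dataclass
class Finding:
    rule: str        # which DLP rule fired
    match: str       # masked value, never the raw number
    confidence: str  # "high" passes Luhn, "low" is a digit run that does not


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; most random digit runs of card length fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the alert itself does not leak data."""
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect(text: str) -> list[Finding]:
    """Content inspection of one message; returns findings for the alert queue."""
    findings = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        confidence = "high" if luhn_valid(digits) else "low"
        findings.append(Finding("card-number", mask(digits), confidence))
    return findings


# Constructed sample messages: one real-looking card number (a well-known
# test number that passes Luhn), one tracking number that merely looks like
# a card number, and one clean message.
SAMPLES = {
    "invoice": "Please bill card 4111 1111 1111 1111, exp 12/27.",
    "shipping": "Your parcel tracking number is 1234 5678 9012 3456.",
    "clean": "Meeting moved to 3pm, room 204.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, inspect(text))
```

Tuning the candidate pattern and the confidence threshold is the "accurate and updated" work the text refers to; dropping the Luhn step would turn the shipping message into a false positive, while narrowing the pattern to 16 digits would miss 15-digit cards as a false negative.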
Published on Thu 22 March 2012 by Elliot Wood in Security with tag(s): data loss dlp