Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.
Adoption of DLP, variously called data leak prevention, information loss prevention or extrusion prevention, is being driven by insider threats and by more rigorous state privacy laws, many of which have stringent data protection or access components.
DLP software products use business rules to examine file content and tag confidential and critical information so that users cannot disclose it. The software can be useful for identifying and tagging well-defined content (such as Social Security or credit card numbers) but tends to fall short when an administrator is trying to identify other sensitive data such as intellectual property. To implement enterprise DLP software successfully, personnel from all levels of management need to be actively involved in creating the business rules for tags.
Once DLP software tools have been deployed, an end user who accidentally or maliciously attempts to disclose confidential information that's been tagged will be denied. In addition to being able to monitor and control endpoint activities, DLP tools can also be used to filter data streams on the corporate network and protect data at rest.