What is DLP and How Does it Work?

Aug 3, 2020

Some American propaganda from World War II succinctly captures the cybersecurity case for data loss prevention services and software. It works more as a metaphor than a definition, but the point remains.

When the War Advertising Council developed the slogan "Loose Lips Sink Ships," it appeared on bar posters to discourage rumors and careless talk, but it also served to thwart insider threats and keep the country's knowledge and activity secure.

In many ways, data loss prevention for the private sector is similar. It's not intended to further wartime efforts like those wartime posters, that much is obvious, but its intent is to keep information out of the hands of an internal or external threat.

So, what exactly is data loss prevention?

Data Loss Prevention (DLP) Defined

Data loss prevention is the protection and containment of sensitive or critical information that, if distributed outside a corporate network and accessed by certain third parties, would be a detriment to the organization.

User activity is monitored, and users are prevented from sending or granting access to confidential data, through processes or programs intended to classify information, determine authorization, and/or restrict access.

Once information is classified into categories of regulated access, policies are developed to ensure the safety and integrity of business-critical data. If a policy is violated, whatever the signal, data loss prevention tactics are enacted to alert the appropriate individuals, encrypt the information, and set protective actions in motion.
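The classify, check policy, then act sequence described above can be sketched in a few lines. This is an added example, not code from any DLP product or from the original article; the label names, channel names, and policy table are assumptions made for illustration, and the sample messages are constructed.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by space or hyphen.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # US SSN layout

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> set:
    """Step 1: classify content into sensitivity labels (names are assumptions)."""
    labels = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            labels.add("payment_card")
    if SSN_RE.search(text):
        labels.add("national_id")
    return labels

# Step 2: hypothetical policy table, (label, channel) -> action.
POLICY = {
    ("payment_card", "email_external"): "block",
    ("payment_card", "email_internal"): "encrypt",
    ("national_id", "email_external"): "block",
    ("national_id", "email_internal"): "encrypt",
}
SEVERITY = ["allow", "alert", "encrypt", "block"]  # least to most restrictive

def decide(text: str, channel: str):
    """Step 3: return the most restrictive action any matched label requires.
    Labelled content on a channel with no rule still raises an alert."""
    labels = classify(text)
    actions = [POLICY.get((label, channel), "alert") for label in labels]
    return max(actions, key=SEVERITY.index, default="allow"), sorted(labels)

if __name__ == "__main__":
    samples = [  # constructed messages, not real data
        ("Paid with card 4111 1111 1111 1111, thanks.", "email_external"),
        ("Order ref 4111 1111 1111 1112 has shipped.", "email_external"),
        ("Payroll needs SSN 123-45-6789 on file.", "email_internal"),
        ("Card 4111-1111-1111-1111 copied to stick.", "usb"),
    ]
    for text, channel in samples:
        print(channel, decide(text, channel))
```

The second sample shows why pattern matching alone is not enough for classification: the number has a card-like layout but fails the Luhn checksum, so it is not labelled and no action fires.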

The intent is to shield against data loss and/or data leakage. Yes, there's a difference.

Take it from Claudia Chandra at Informatica:

"Data loss prevention focuses on the detection and prevention of sensitive data exfiltration and/or lost data, and includes use cases from a lost or stolen thumb drive, to ransomware attacks. In a data loss, the data is gone and may or may not be recoverable. Data leakage is more complex and includes the risk of sensitive data flowing between an organization's critical systems, which are usually systems of records."

How does data loss prevention work, though? What are the nuts and bolts of it, so to speak?

Data Loss Prevention in Practice

Think of data in three states: in use, in motion, and at rest. Data loss prevention tactics seek to protect data used in endpoint actions, to secure data in motion as it moves through network traffic, and to contain data at rest that's being stored in archives.

Endpoint actions are what end users perform on a daily basis. They're normal things like screen capturing a chart for later reference, copying and pasting a list of complex numbers, and faxing mundane data. Unfortunately, these actions often involve highly sensitive information, which is where data-in-use prevention tactics come into play. Software or systems will monitor and flag unauthorized endpoint actions that may cause an issue for the organization. This can be avoided with quality endpoint security solutions.

For more information on endpoint security check out our blog, "What is Endpoint Security?"

Data traffic is susceptible to network vulnerabilities as it travels from point A to point B on internal or external networks. These channels of flowing data can be tapped into if an organization isn't careful. Cue data loss prevention methodology.

Think about filing cabinets for a minute. The important ones are behind lock and key. Some are buried away behind chain link fences or locked away in drawers that only certain people with certain keys can get to. That same concept applies to data at rest.

Data at rest can sit unscathed for long periods of time, but just because it hasn't been accessed yet doesn't mean you should be lured into a false sense of security. Often data loss prevention tactics for this issue will control who has access to what data, will encrypt data securely, and will institute data retention policies.

Why Does DLP Matter?

According to the 2020 Data Breach Report from Verizon, 30 percent of data breaches occurred because of internal actors. Another report from the Ponemon Institute in 2018 gives some startling statistics on the financial outcome of a data breach:

  • Average total cost of a data breach: $3.86 million
  • Average total one-year cost increase: 6.4%
  • Average cost per lost or stolen record: $148
  • One-year increase in per capita cost: 4.8%
  • Likelihood of a recurring material breach over the next two years: 27.9%
  • Average cost savings with an Incident Response team: $14 per record

The choice, of course, will always be up to the organization and the individual as to whether or not they perceive data loss prevention as a necessity for their day-to-day activity. However, the benefits by far outweigh the costs when it comes to protecting data that's in use, in motion, or at rest.