What is data loss prevention (DLP)?
Discover how to identify and help prevent risky or inappropriate sharing, transfer, or use of sensitive data on-premises and across apps and devices.
Data loss prevention defined
Data loss prevention is a security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. It can help your organization monitor and protect sensitive information across on-premises systems, cloud-based locations, and endpoint devices. It also helps you achieve compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR).
When it comes to security data, following information protection and governance best practices is critical Information protection places controls (for example, encryption) around sensitive data, while information governance determines its lifecycle (how long an organization retains the data). Together, they help your organization understand, safeguard, and govern its data.
Know your data. Understand your data landscape; identify and classify important data across your hybrid environment.
Protect your data. Apply protective actions like encryption, access restrictions, and visual markings.
Prevent data loss. Help people in your organization to avoid accidental oversharing of sensitive information.
Govern your data. Retain, delete, and store data and records in a compliant manner.
How does DLP work?
Data loss prevention is a combination of people, processes, and technology that works to detect and prevent the leakage of sensitive data. A DLP solution uses things like antivirus software, AI, and machine learning to detect suspicious activities by comparing content to your organization’s DLP policy, which defines how your organization labels, shares, and protects data without exposing it to unauthorized users.
Types of data threats
Data threats are actions that can affect the integrity, confidentiality, or availability of your organization’s data, while a data leak exposes your sensitive data to untrustworthy environments.
A cyberattack is a deliberate, malicious attempt to gain unauthorized access to computer systems (business and personal) and steal, modify, or destroy data. Examples of cyberattacks include distributed denial-of-service (DDoS) attacks, spyware, and ransomware. Cloud security, identity and access management, and risk management are a few ways to protect your network.
Malware, or malicious software—including worms, viruses, and spyware—is often disguised as a trusted email attachment or program (for example, an encrypted document or file folder). Once opened, it allows unauthorized users into your environment who can then disrupt your entire IT network.
Insiders are people who have information about your data, computer systems, and security practices, such as employees, vendors, contractors, and partners. Misusing authorized access to negatively impact the organization is one example of an insider risk.
Unintentional exposure occurs when employees unknowingly allow access to unauthorized users or viruses. Identity and access management tools help organizations control what users can and can’t access, and helps keep your organization’s important resources—like apps, files, and data—secure.
Phishing is the act of sending fraudulent emails on behalf of reputable companies or other trustworthy sources. The intention of a phishing attack is to steal or damage sensitive data by tricking people into revealing personal information such as passwords and credit card numbers. They can target a single person, a team, a department, or an entire company.
Ransomware is a type of malware that threatens to destroy or block access to critical data or systems until a ransom is paid. Human-operated ransomware that targets organizations can be difficult to prevent and reverse because the attackers use their collective intelligence to gain access to an organization’s network.
Why is DLP important?
A DLP solution is essential to your risk reduction strategy, especially when it comes to securing endpoints like mobile devices, desktop computers, and servers.
Information security (InfoSec) refers to the security procedures that protect sensitive information from misuse, unauthorized access, disruption, or destruction, including both physical and digital security. Key elements of InfoSec include the following:
Infrastructure and cloud security. Security for your hardware and software systems to help prevent unauthorized access and data leaks from your public cloud, private cloud, hybrid cloud, and multicloud environments.
Cryptography. Algorithm-based communication security to ensure that only the intended recipients of a message can decipher and view it.
Incident response. How your organization responds to, remediates, and manages the aftermath of a cyberattack, data breach, or another disruptive event.
Disaster recovery. A plan for re-establishing your technological systems after a natural disaster, cyberattack, or other disruptive events.
Benefits of a DLP solution
DLP benefits begin with the ability to classify and monitor your data and include improving your overall visibility and control.
Classify and monitor sensitive data
Knowing what data you have and how it’s used across your digital estate makes it easier for your organization to identify unauthorized access to data and protect it from misuse. Classification means applying rules for identifying sensitive data and maintaining a compliant data security strategy.
Detect and block suspicious activity
Customize your DLP solution to scan all data flowing through your network and block it from leaving the network by email, being copied to USB drives, or other means.
Automate data classification
Automated classification gathers information, such as when a document was created, where it’s stored, and how it’s shared, to improve the quality of data classification in your organization. A DLP solution uses this information to enforce your DLP policy, which helps prevent sensitive data from being shared with unauthorized users.
Maintain regulatory compliance
Every organization must adhere to data protection standards, laws, and regulations like HIPAA, the Sarbanes-Oxley (SOX) Act, and the Federal Information Security Management Act (FISMA). A DLP solution gives you the reporting capabilities you need to complete compliance audits, which may also include having a data-retention plan and training program for your employees.
Monitor data access and usage
To keep threats at bay, you need to monitor who has access to what and what they’re doing with that access. Prevent insider breaches and fraud by managing the digital identities of employees, vendors, contractors, and partners across your network, apps, and devices. Role-based access control is one example of providing access to only the people who need it to do their jobs.
Improve visibility and control
A DLP solution gives you visibility into the sensitive data within your organization and helps you see who might be sending it to unauthorized users. Once you determine the scope of actual and potential issues, further customizations can be made to analyze data and content to strengthen your cybersecurity measures and DLP efforts.
DLP adoption and deployment
When adopting a data loss prevention solution, it’s important to do thorough research and find a vendor whose solution is appropriate for your needs.
To deploy your DLP solution with minimal downtime and avoid costly mistakes, your organization can:
Document the deployment process. Ensure your organization has procedures to follow, reference material for new team members, and records for compliance audits.
Define your security requirements. Help protect your organization’s intellectual property and your employees’ and customers’ personal information.
Establish roles and responsibilities. Clarify who’s accountable, who needs to be consulted, and who needs to be informed regarding activities related to your DLP solution. For example, your IT team must take part in the deployment so that they understand the changes being made and are able to resolve issues. It’s also important to separate responsibilities so that those who create policies can’t implement them, and those who implement policies can’t create them. These checks and balances help thwart the misuse of policies and sensitive data.
DLP best practices
Follow these best practices to help ensure successful data loss prevention:
- Identify and classify sensitive data. To protect your data, you need to know what you’ve got. Use your DLP policy to identify sensitive data and label it accordingly.
- Use data encryption. Encrypt data that is at rest or in transit so unauthorized users won’t be able to view file content even if they gain access to its location.
- Secure your systems. A network is only as secure as its weakest entry point. Limit access to employees who need it to do their jobs.
- Implement DLP in phases. Know your business priorities and establish a pilot test. Allow your organization to grow into the solution and all it has to offer.
- Implement a patch management strategy. Test all patches for your infrastructure to ensure there are no vulnerabilities being introduced into your organization.
- Allocate roles. Establish roles and responsibilities to clarify who is accountable for data security.
- Automate. Manual DLP processes are limited in scope and can’t scale to meet the future needs of your organization.
- Use anomaly detection. Machine learning and behavioral analytics can be used to identify abnormal behavior that could result in a data leak.
- Educate stakeholders. A DLP policy isn’t enough to prevent intentional or accidental incidents; stakeholders and users must know their role in protecting your organization’s data.
- Establish metrics. Tracking metrics—like the number of incidents and time-to-response—will help determine the effectiveness of your DLP strategy.
With data threats, it’s a matter of when they’ll happen, not if they’ll happen. Choosing a DLP solution for your organization requires research and planning, but it’s time and money well spent to protect the sensitive data, personal information, and reputation of your brand.
Understanding these options and how they work with your DLP solution can help jumpstart your journey to more secure data.
User behavior analytics. Make sense of the data you gather about your systems and the people using them. Flag suspicious behavior before it leads to a data leak or security breach.
Security education and awareness. Teach employees, executives, and IT teammates how to recognize and report a security incident and what to do if a device is lost or stolen.
Encryption. Maintain the confidentiality and integrity of your data by ensuring that only authorized users can access data while it’s at rest or in transit.
Data classification. Identify which data is sensitive and business critical, then manage and protect it across your environment—wherever it lives or travels.
Cloud access security broker (CASB) software. Enforce your security policy between enterprise users and cloud service providers to mitigate risk and maintain regulatory compliance.
Insider risk management software. Pinpoint which employees may be accidentally leaking data and uncover malicious insiders who are intentionally stealing sensitive information.
Get governance, protection, and compliance solutions for your organization with Microsoft Purview. Visit the Purview website to learn how to improve visibility, manage your data securely, and go beyond compliance while safeguarding your data across platforms, apps, and clouds.
Learn more about Microsoft Security
Help protect and govern your data with built-in, intelligent, unified, and extensible solutions.
Microsoft Purview Data Loss Prevention
Identify inappropriate sharing, transfer, or use of sensitive data on endpoints, apps, and services.
Microsoft Purview Information Protection
Understand, manage, and protect your sensitive and business-critical data.
Microsoft Purview Data Lifecycle Management
Use information governance to classify, retain, review, dispose of, and manage content.
Protect Your Data End-to-End
Explore how data protection requirements are changing and learn three steps to help modernize the way you protect your data.
Frequently asked questions
The main types of data loss prevention are:
- Network DLP – Preventing the loss of sensitive data from your computer network, including email, web applications, and protocols like FTP and HTTP.
- Cloud DLP – Classifying and protecting sensitive data in cloud computing environments, including public, private, hybrid, and multicloud environments.
- Endpoint management DLP – Monitoring servers, computers and laptops, cloud repositories, and mobile phones and devices where data is accessed and stored.
Examples of DLP include:
Software. Control who accesses and shares data in your organization. Establish policy controls to detect and prevent unauthorized data transfers, sharing, or leaks.
Encryption. Plaintext is transformed into unreadable cipher-text (more simply, data is converted into code) to prevent unauthorized access.
Alerts. Network administrators are notified when a user takes actions that go against your DLP policy.
Reporting. Customized DLP reports may contain policy matches, incidents, and false positives. Reporting helps you identify the accuracy of your DLP policies and refine them as needed.
A DLP policy defines how your organization shares and protects data without exposing it to unauthorized users. It helps you comply with government regulations, protect intellectual property, and improve visibility into your data.
Start with these important tasks to implement a data loss prevention plan.
- Categorize your data so you can monitor how it’s used.
- Define roles and responsibilities in your organization so that only employees who need specific data are allowed to access it.
- Establish a training plan for employees to make them aware of what actions can result in data loss.
A data breach can cost your organization millions of dollars, damage its reputation, and affect its revenue stream for years. A data loss prevention solution helps your organization:
- Protect intellectual property and personally identifiable information.
- Gain visibility into how people are interacting with data.
- Comply with digital privacy laws.
Follow Microsoft 365