Over the last several years, there has been a noticeable shift in attention and investment from securing the network to securing systems within the network, and to securing the data itself. Data loss prevention (DLP) controls are based on policy, and include classifying sensitive data, discovering that data across an enterprise, enforcing controls, and reporting and auditing to ensure policy compliance.
When attackers compromise machines, they often make significant changes to configurations and software. Sometimes attackers also make subtle alterations to data stored on compromised machines, potentially jeopardising organisational effectiveness with polluted information. When the attackers are discovered, it can be extremely difficult for organisations without a trustworthy data recovery capability to remove all aspects of the attacker’s presence on the machine.
In recent years, attackers have exfiltrated significant amounts of often-sensitive data from organisations. Many attacks occurred across the network, while others involved the physical theft of laptops and other equipment holding sensitive information.
The loss of control over protected or sensitive data by organisations is a serious threat to business operations and a potential threat to national security. The vast majority of these problems result from poorly understood data practices, a lack of effective policy architectures, and user error.
The phrase “data loss prevention” refers to a comprehensive approach covering people, processes, and systems that identify, monitor, and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions), and data at rest (e.g., data storage) through deep content inspection and with a centralised management framework.