
Data Loss Prevention (DLP)

DLP (Data Loss Prevention) comprises the technologies and processes that prevent sensitive data from leaving the organisation without authorisation. DLP monitors, detects and blocks data transmissions that violate the organisation’s policies.


    What is DLP?

    Data Loss Prevention (DLP) is a security measure that prevents sensitive data from leaving the organisation via unauthorised channels. This may be an employee who accidentally sends a customer list to a personal email, or a malicious actor attempting to exfiltrate trade secrets.

    DLP systems scan data in motion (network traffic, emails), data in use (on endpoints) and data at rest (in databases and file shares). When the system identifies sensitive data about to leave the organisation in breach of policies, it can block, warn or log the action.

    DLP relies on data classification to know which data is sensitive. It complements encryption, access control and data masking as part of an overall data protection strategy.

    DLP types

    DLP solutions cover three main areas:

    • Network DLP: Monitors network traffic for sensitive data. Scans emails, web uploads, file transfers and other outbound transmissions. Typically placed at the network perimeter alongside firewalls and web filters.
    • Endpoint DLP: Installed on the user’s device, it monitors file copying, printing, screen capture and use of external media such as USB drives. Closely linked to endpoint security and mobile device management.
    • Cloud DLP: Monitors data in cloud services such as email, file-sharing platforms and SaaS applications. Essential in an era where much of an organisation’s data resides in the cloud.

    Detection techniques include pattern matching (e.g. national identification numbers or credit-card numbers), keywords, document fingerprinting and machine learning that identifies sensitive data based on context.

    Implementation in practice

    A successful DLP implementation requires preparation:

    • Map data: Identify your most sensitive data and where it resides. Data classification is a prerequisite.
    • Define policies: Determine what should be blocked, what should trigger a warning, and what should merely be logged. Start with the most critical data categories.
    • Start in monitor mode: Enable DLP in observation mode first to understand data flows and avoid disrupting business processes.
    • Fine-tune rules: Reduce false positives by refining policies based on the collected data.
    • Enforce: Enable blocking for the most critical policies, and retain warning mode for less critical ones.
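
    The pattern-matching technique and the monitor-then-enforce rollout described above, as an added example that is not part of the original page or of any DLP product. The policy table, keyword list and sample messages are constructed assumptions; card candidates are validated with the Luhn checksum to cut false positives.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Hypothetical policy table (assumption): the strictest matching action wins.
POLICY = {"card_number": "block", "keyword": "warn"}
KEYWORDS = ("confidential", "internal only")  # constructed keyword list
SEVERITY = {"allow": 0, "log": 1, "warn": 2, "block": 3}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out random digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(number: str) -> str:
    """Keep first 6 and last 4 digits so DLP logs do not store the full number."""
    return number[:6] + "*" * (len(number) - 10) + number[-4:]


def evaluate(text: str, enforce: bool = False) -> dict:
    """Scan one outbound message and return the decision.

    enforce=False is monitor mode: the policy verdict is recorded but the
    applied action never exceeds 'log', so business traffic is not interrupted.
    """
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("card_number", mask(digits)))
    lowered = text.lower()
    findings += [("keyword", kw) for kw in KEYWORDS if kw in lowered]

    verdict = max((POLICY[kind] for kind, _ in findings),
                  key=SEVERITY.get, default="allow")
    applied = verdict if enforce or verdict == "allow" else "log"
    return {"verdict": verdict, "applied": applied, "findings": findings}
```

    Comparing `verdict` with `applied` across the events collected in monitor mode shows what enforcement would have stopped, which is the data needed to fine-tune rules before blocking is switched on.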

    Integrate DLP with SIEM systems to combine DLP events with other security data. This gives the incident response team a unified view.

    Remember that technology alone is not enough. Security awareness is essential. Employees who understand why DLP is important generate fewer false alarms and practise better data hygiene.

    Regulations and standards

    GDPR requires appropriate technical measures to protect personal data. DLP is a recognised method for demonstrating that the organisation actively prevents data leaks.

    ISO 27001 addresses prevention of information leakage in Annex A control A.8.12. An ISMS should include DLP as part of the data protection strategy.

    NIS2 requires essential and important entities to have measures against data loss. DORA imposes similar requirements on financial institutions. CIS 18 Control 3 specifically deals with data protection, where DLP is a central component.

    Frequently Asked Questions about Data Loss Prevention (DLP)

    What is the difference between DLP and encryption?

    DLP prevents data from leaving the organisation without authorisation, while encryption protects data already in transit or at rest. They complement each other: DLP stops the leak; encryption protects data if it nevertheless falls into the wrong hands.

    Can DLP prevent all data leaks?

    No, DLP is not a complete solution. A determined insider can find ways around it, for example by photographing the screen. DLP significantly reduces risk and catches most accidental and many malicious leaks, but should be combined with other measures such as access control and monitoring.

    Does GDPR require DLP?

    GDPR does not mention DLP specifically, but requires appropriate technical measures to protect personal data. DLP is a recognised method for fulfilling this requirement and demonstrating that the organisation actively prevents data leaks.

    What does it cost to implement DLP?

    Costs vary considerably depending on the organisation’s size, number of endpoints and chosen solution. Start by identifying your most sensitive data and implement DLP incrementally. Many cloud platforms include basic DLP capabilities in their existing licences.
