What is Data Loss Prevention (DLP) And How Does It Work

Every year, business owners grapple with the same question: how can I keep my data safe? 

One survey found that 47% of small business owners found data security to be their biggest challenge; a further 42% said preventing data loss was also keeping them up at night. 

Data loss prevention is a clear priority for enterprises of all sizes. The cost of a data leak can quickly escalate to over $7 million per incident, not to mention the damage to a business’s brand reputation and competitive advantage. 

Data loss prevention solutions have evolved significantly in recent years, with cloud DLP providing a cutting-edge solution to protecting sensitive data many companies share over SaaS, IaaS, and PaaS platforms. Here’s what you need to know about data loss prevention and how to implement strict controls in your business. 

What is data loss prevention (DLP)?

Data loss prevention (DLP) is a set of tools and technologies that classify, detect, and protect information (data) in three states: data in use, data at rest, and data in motion. 

• Data in use relates to when data is being accessed within a system at any time. Security gaps can occur as data is used, undergoes updates, readings, and even erasures across a network or database. 
• Data in motion, or data in transit, means that information is moving both on and off the network or database. A typical security vulnerability for data in motion is when users send sensitive data to personal email accounts or cloud drives to work remotely. 
• Data at rest refers to where data is located on a network or database. Insecure storage locations and unencrypted backup copies of sensitive data pose the biggest risks for data at rest.

The role of a data loss prevention tool is to identify sensitive data that enterprises need to keep safe, and constantly monitor and take action to prevent this information from being leaked or shared inappropriately. 

Gartner classifies data loss prevention solutions into three categories: enterprise data loss prevention (EDLP), integrated data loss prevention (IDLP), and cloud DLP (or CSP-Native DLP). Simply put, an EDLP tool focuses on data in all three states (in motion, in use, and at rest) while an IDLP tool focuses on one specific state.

Enterprise DLP

Enterprise DLP solutions are comprehensive tools that can monitor DLP across endpoint, network, and cloud environments. These solutions are broad and flexible, built for highly diverse use cases. They tend to offer not only data loss protection but also regulatory compliance and intellectual property protection. 

[Read more: Network, Endpoint, and Cloud DLP: A Quick Guide] 

Integrated DLP

Integrated DLP tools are natively integrated into a specific service, such as secure email or a web gateway. These solutions are limited in their policy and reporting capabilities and must be manually integrated with other IDLP or EDLP solutions. 

Cloud DLP

Cloud data loss prevention programs are specifically designed to protect data stored in the cloud. A cloud DLP will scan and audit data to detect and encrypt PII and other valuable information shared across IaaS, PaaS, and SaaS programs. 

How does DLP work?

DLP serves three main purposes. First, it protects personally-identifying information (PII) and helps organizations stay compliant with regulations such as HIPAA, GDPR, and the new CCPA. It also protects your intellectual property and trade secrets that could give your competitors an advantage. 

And, finally, DLP allows companies to understand where data lives and how it moves. This enables teams to add endpoint and network protections and evolve security as threats crop up. 

How do DLP programs deliver these benefits? It depends on the type of DLP solution you use, but broadly speaking, these are some of the more common strategies. 

1. Rule-based matching: The DLP solution uses known patterns to find data that matches specific rules. For instance, a Social Security number is nine digits: so, the tool will flag any nine-digit numbers for further review and analysis. 
2. Database fingerprinting: The DLP solution looks for an exact match to structured data that has been supplied by the client. For instance, the client searches for “Patent No. 123.” 
3. Exact file matching: The DLP solution looks for documents based on their hashes, rather than their contents. 
4. Partial document matching: The DLP solution looks for files that partially match pre-set patterns. For instance, a form that has been filled out by different users has the same structure across the board.
5. Statistical analysis: The DLP solution uses machine learning or Bayesian analysis to identify sensitive data. 

Not only will DLP solutions identify sensitive data, they will also allow an organization to set a strategy to protect this data. The DLP strategy will determine how different kinds of data will be treated and define sensitive data types, DLP policies, and expected data flows.  

The evolution of DLP to cloud DLP

More and more companies are shifting their focus from legacy DLP systems to cloud DLP — for numerous reasons. First, as more companies work remotely, cloud DLP just makes sense. Tools like Nightfall secure key remote work platforms such as Slack, Google Drive, GitHub, and Jira. 

Legacy DLP also has flaws that make it difficult to scale and adapt to our changing work environment. Traditional DLP tools are identified in one paper as complex to deploy and difficult to manage. Their structure and rules block employee productivity and prevent effective collaboration. And, legacy DLP tend to have high acquisition and operational costs. 

Nightfall is the industry’s first cloud-native DLP platform that integrates directly via API – meaning that customers are typically up and running within a few minutes. For SaaS apps, there’s no additional configuration or setup required beyond installation. 

Once Nightfall is installed, it leverages 100+ machine learning detectors to scan both structured and unstructured data and its surrounding context with high levels of accuracy. Nightfall’s classification is automatic and highly accurate, eliminating the time spent tagging data manually, reviewing false positives, and grappling with alert fatigue. IT teams can create automatic workflows that take action on sensitive data proactively, reducing the time spent manually responding to alerts and reducing mean time to resolution. 

Cloud DLP vs CASB

CASB stands for cloud access security broker. It’s a type of security platform that sits between an enterprise network and a cloud provider’s infrastructure, allowing for the monitoring and remediation of incidents that occur between the network layer and the cloud. 

Historically, CASBs worked well when an enterprise was able to control and secure every point through which data could be transferred. All it took was adding a CASB to secure corporate desktop and corporate email and be assured that data would be safe. 

However, because so many of us are working from home and accessing work data on multiple devices, cloud DLP is filling in where CASBs fall short. Cloud DLP solutions like Nightfall connect with cloud applications through APIs, giving application-layer visibility to security teams who need to remediate data security incidents in the cloud. 

[Read more: 4 Ways CASBs Differ from Cloud DLP]  

Why should you use DLP? 

Data loss prevention is integral to compliance, cybersecurity, and business continuity. DLP tools make it easy for businesses to protect PHI and PII, reduce the risks of insider threat, and stay protected even as threats like ransomware and malware evolve. Likewise, businesses can keep their customer and employee privacy safe, building trust and allowing the company to thrive. 

For more DLP tips, check out our DLP Security Checklist for IT Professionals. Learn more about Nightfall by scheduling a demo at the link below.