What does DLP stand for – Data Loss Prevention or Data Leakage Prevention?
We have talked a lot about Data Loss Prevention and corporate data security, but let’s see what it actually means for us.
Sensitive data is our most important asset, yet we tend to spend more time securing our applications, servers and environments than protecting the actual data itself. This will change in 2010 as technologies that directly protect data – things like local hard drive encryption and DLP (data loss prevention) solutions – are more frequently adopted by small and medium businesses.
That’s a somewhat difficult question to answer, since there is no really good industry-standard definition of what DLP is… but I’ll give you my two cents. As you know, DLP stands for either Data Loss Prevention or Data Leakage Prevention. Those two terms sound similar, but have slightly different meanings.
In general, Data Loss Prevention is the practice of identifying and tracking your sensitive data; making sure that only those who are authorized to handle that data can access it; and making sure your sensitive data doesn’t leak outside those authorized users.
Nowadays, however, many different vendors use the term DLP to describe various technical solutions that try to provide different aspects of the practices I mentioned above. The problem is that there are many different aspects of DLP, including finding your sensitive data, controlling who has authorization to handle it, auditing when people audit or change it, tracking the data at rest, in use, and in motion, and so on.
I’ve never personally met a DLP solution that does all of that on its own, so whenever someone says they have a DLP solution, it’s sometimes hard to understand what that really is.
However, the second term I mentioned, Data Leakage Protection, tends to have a more specific definition, so it’s easier to understand. Data Leakage Protection is monitoring and preventing sensitive data from leaving your perimeter. In this case, DLP solutions are only worried about your data passing some sort of perimeter gateway device, usually via e-mail, web 2.0 applications (like HTML e-mail), IM, faxes, and USB devices. It is also about tracking all users’ actions, like editing, opening, and sending files and data. So Data Leakage Protection is primarily about data in motion. For example, StaffCop is a Data Leakage Protection solution.
Since so many bad guys are clearly stealing corporate data, we will spend more time developing the best solutions to protect data directly, rather than just protecting the ‘containers’ that hold data.