100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Data Loss Prevention (DLP)

IntermediateTechnique11.2K learners

Data Loss Prevention (DLP) refers to tools and practices designed to detect and prevent sensitive data from being leaked, exfiltrated, or shared outside of an organization's authorized boundaries, whether accidentally or maliciously.

Definition

Data Loss Prevention (DLP) refers to tools and practices designed to detect and prevent sensitive data from being leaked, exfiltrated, or shared outside of an organization's authorized boundaries, whether accidentally or maliciously.

Overview

DLP systems classify data — such as personal information, financial records, source code, or intellectual property — and enforce policies across three main states: data in use (on an endpoint device), data in motion (moving across a network, such as email or file uploads), and data at rest (stored in databases, file shares, or cloud storage). When a DLP system detects a policy violation, such as an employee attempting to email a file containing credit card numbers to a personal account, it can block the action, encrypt the content, quarantine it, or simply alert security teams depending on configured rules. DLP is a key control referenced in many compliance frameworks, including GDPR, HIPAA, and PCI DSS, since it directly addresses the risk of regulated data leaving controlled environments. Modern DLP increasingly integrates with cloud access security brokers (CASBs) and endpoint detection tools to cover SaaS applications and remote work scenarios, not just traditional corporate networks. DLP strategy sits alongside broader data protection practices like encryption at rest and secrets management, topics covered in Cloud Security Fundamentals.

Key Concepts

  • Classifies and monitors sensitive data across its lifecycle
  • Covers three data states: in use, in motion, and at rest
  • Can block, encrypt, quarantine, or alert on policy violations
  • Integrates with email gateways, endpoints, and cloud access security brokers
  • Supports compliance requirements under GDPR, HIPAA, and PCI DSS
  • Helps detect both accidental leaks and malicious exfiltration

Use Cases

Blocking employees from emailing sensitive files to personal accounts
Detecting attempts to upload source code to unauthorized cloud storage
Enforcing encryption when regulated data is copied to removable media
Monitoring for credit card or health data leaving approved systems
Auditing cloud application usage for shadow IT data exposure risk

Frequently Asked Questions