What is DLP?
The primary objective of a DLP solution is to maintain the confidentiality of sensitive data by preventing loss through accidental or malicious means. This may relate to where data is:
- Sent outside of the corporate network via email
- Uploaded to cloud services
- Transferred from a secure to an insecure location within the corporate network
- Moved on to removable storage device
As the name suggests, DLP has a focus on protecting data that resides inside the corporate network. It therefore looks to combat the risk from insider threats as well as malicious third parties infiltrating your network and trying to export data thereafter.
The term insider threat can relate to both bad actors with malicious intent as well as those staff who are negligent with their actions, with the consequences placing the organisation at risk.
DLP can also be regarded as a tool to help with achieving compliance. Some regulations and standards such as PCI DSS or HIPPA will specify that due to the sensitivity of the data, it can not reside in unsecured cloud environments. As such, through the use of well-applied defined policies, data can be forced to remain within the secure environment.
DLP efficiency can be greatly improved through the integration with a classification tool. By marking the metadata with detailed handling information, a DLP solution can read the further information and more accurately enforce corporate policies.
One of the major challenges with DLP is its ability to apply policies to encrypted data. In the past, organisations simply treated all encrypted data as trusted and therefore let it move around and in/out of the organisation freely.
However, with the development of malware now hiding in encrypted data or tunnels, DLP solutions have had to evolve. Many solutions are now able to decrypt the data for inspection purposes, re-encrypting if required. Alternatively, DLP can be configured to integrate with encryption solutions or have stand-alone SSL decryptors deployed.
Leading DLP technology partners
Latest news and blog posts
Juniper Networks offers new Secure Edge CASB and DLP capabilities to simplify the SASE experience
Juniper uniquely delivers full-stack SASE with a complete suite of Secure Edge SSE capabilities, unified security management and the only SD-WAN solution driven by Mist AI.
SD-WAN performance and network security managed in the cloud via Cisco Meraki
Our engineers have developed the technical expertise to address our customers' network performance and security challenges using Cisco SD-WAN powered by Meraki technology.
Juniper Networks AI-driven enterprise
What is an AI-driven enterprise?
The growing maturity and availability of artificial intelligence (AI) enables the creation of an AI-driven enterprise. Read how Nomios and Juniper can help you build one.