The data discovery and identification aspect of data loss prevention (DLP) capability is just the beginning. Once you know what data you have and where it lives, you’re finally in a position to accomplish two crucial things:
- Manage and enforce security policies. DLP makes it possible to manage and apply security policies across the enterprise, reducing burdens on IT staff while boosting compliance. For instance, solid DLP solutions automatically encrypt sensitive data to regulatory and compliance standards, and those focused on data in motion come with on-board email encryption that integrates with leading encryption services.
This ability to manage not just security policy but also security enforcement is especially important, given the proliferation of employee communication venues (e.g., email, IM, the Web, social media), work locations, and devices, some of which are employee-owned and inevitably used for personal activities.
- Monitor and regulate how sensitive data gets used, moved, and stored. With DLP, you’ll not only gain visibility into policy violations, you’ll be able to automatically enforce policies and compliance (and get employees to behave when it comes to data use).
DLP enables you to secure data proactively via automatic quarantine, relocation, and support for policy-based encryption. You can enable active blocking at the network as well as endpoint to prevent data from inappropriately leaving the organization. And you’ll know who attempted what and when.