# Data Loss Prevention (DLP)*

# Acronyms, Abbreviations, and Initialisms

Short Form Full Form
DAR Data at Rest
DIM Data in Motion
DIT Data in Transit
DIU Data in Use
DLP Data Loss Prevention

# Glossary

Includes the tools and processes to identify sensitive information in storage.

# Overview

DLP solutions are designed to protect your documents when they are inside your organization (unlike IRM/DRM which can protect an object anywhere it travels). It is a set of controls that is used to ensure that data is only accessible to those who should have access to it.

DLP describes the controls put in place by an organization to ensure that certain types of data (structured and unstructured) remain under organizational controls, in line with policies, standards, and procedures.

# Components

DLP consists of three components:

The discovery process usually maps data in cloud storage services and databases and enables classification based on data categories (regulated data, credit card data, public data, and more).

Monitors for violations.

Many DLP tools provide the capability to interrogate data and compare its location, use, or transmission destination against a set of policies to prevent data loss. If a policy violation is detected, specified relevant enforcement actions can automatically be performed.

DLP policies are enforced and violations which were observed during the monitoring phase are addressed.

DLP provides the following benefits:

  • Additional Security
  • Policy Enforcement
  • Enhanced Monitoring
  • Regulatory Compliance

# Types of DLP


In order to protect DAR, DLP solutions must be deployed on each of the systems (typically as an agent) that house data, including any servers, workstations, and mobile devices.

Data at rest is mostly associated with storage.

  • Storage based data
  • Installed on the actual storage subsystems, file servers, or application servers


Data in motion/data in transit is mostly associated with network traffic.

  • Deployed near the gateway
    • Proxy, network tapping, SMTP relays
    • Requires SSL interception to inspect HTTPS traffic


Data in use is mostly associated with endpoints.

  • Offers insights into how users access/process data files
  • More complex due to the large number of devices, users, and potential for multiple locations