Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the enterprise network. The term is also used to describe software products that help a network administrator control what data end users can transfer.
DLP software products use business rules to classify and protect confidential and critical information so that unauthorized end users cannot accidentally or maliciously share data whose disclosure could put the organization at risk. For example, if an employee tried to forward a business email outside the
corporate domain or upload a corporate file to a consumer cloud storage service like Dropbox, the employee would be denied permission.
Adoption of DLP is being driven by insider threats and by more rigorous state privacy laws, many of which have stringent data protection or access components.
DLP products may also be referred to as data leak prevention, information loss prevention or extrusion prevention products.