However it occurs, the loss of data can be devastating to a company. Just ask any of the growing number of businesses who have experienced data breaches. According to a 2007 Ponemon Institute study, the average cost of a data breach is just under $200 per record. Considering that nearly 219 million records of U.S. residents have been exposed due to security breaches since 2005, according to Privacy Rights Clearinghouse, the cost to business is staggering.

DLP solutions are specifically designed to avert such disasters. Wherever data lives—whether it is in transit on the network, at rest in storage, or in use on the endpoint—DLP can significantly reduce the risk of its loss. What’s more, the most advanced DLP solutions go beyond protecting information to also help identify risk, establish policies and processes, educate users, and integrate security technologies and controls.

How DLP Works

It is easy to see how employee access to the Internet can lead to data loss, so many organizations start by deploying DLP on the network, enabling them to establish policies, monitor network traffic, accurately detect incidents and to proactively block inappropriate transmissions. With DLP technology in place on the network, these organizations are able to immediately reduce the risk of losing data in transit.


Companies also want to gauge their level of exposure across their internal systems in order to improve access controls and meet compliance requirements. Using the same policies as on the network, DLP solutions can also look for confidential data wherever it is stored, scanning a wide range of data repositories to discover things like executive salaries, personnel files, contracts and transaction records. When such data at rest is found, it can be automatically moved to a secure location or encrypted based on policy.

Network- and storage-centric DLP solutions significantly reduce the risk of data loss due to inadvertent employee behavior and broken business processes, the causes of 95 percent of data loss incidents. Next, companies often turn their attention to the small percentage of breaches caused by malicious insiders. DLP capabilities are extended to preventing data from being copied to removable devices or downloaded from servers in violation of policy. Endpoint DLP enables organizations to identify sensitive information on laptops and desktops and stop it from being copied to USB drives and iPods, or burned to CD/DVDs. With DLP capabilities at the endpoint, organizations are now able to reduce the risk of losing data in use.

Today, the most advanced DLP offerings are available as integrated solutions that combine both endpoint and network-based software to protect confidential data wherever it is stored or used. These solutions leverage a common foundation with the same policy management, detection, incident response workflow, and reporting capabilities across network, storage, and endpoint systems. This unified approach to enforcement enables the organization to write a policy once and automatically enforce it throughout the enterprise.