Data Loss Prevention (DLP)

Sec+ Glossary 📖 • Security Operations 🛡️ • Governance (GRC) 📜 • Difficulty: premium

What is Data Loss Prevention (DLP)?

Data Loss Prevention is a set of tools and policies that helps organizations detect and prevent sensitive data from being exposed, leaked, or transferred in unauthorized ways. DLP focuses on identifying sensitive data and controlling how it can be used, moved, or shared.

Examples

An organization blocks employees from emailing files containing payment card numbers to external addresses.
A DLP rule alerts when a user uploads a document labeled confidential to a personal cloud storage account.

Discover 🔎

Most data leaks are not dramatic hacks. They are everyday moments where sensitive information leaves the organization through email, cloud sharing, messaging apps, screenshots, or removable media. Data Loss Prevention exists to reduce that risk by making data handling visible and controllable. It helps you answer two questions: what is sensitive, and what should happen when someone tries to move it.

Remember: DLP is about preventing unintended exposure, whether it is accidental or intentional. It is not only an insider threat tool.

Summary 📝

Data Loss Prevention combines policy and technology to detect sensitive information and prevent it from being shared or transferred in risky ways. DLP works by identifying sensitive data using classification, patterns, and context, then applying actions such as warning, logging, or blocking. Successful DLP depends on careful tuning, clear definitions of sensitive data, and providing secure ways for users to share information.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.