Data Loss Prevention (DLP)

Security+ 🏆 • Security Operations 🛡️ • Governance (GRC) 📜 • Difficulty: premium

Definition

Data Loss Prevention is a set of tools and policies that helps organizations detect and prevent sensitive data from being exposed, leaked, or transferred in unauthorized ways. DLP focuses on identifying sensitive data and controlling how it can be used, moved, or shared.

Examples

An organization blocks employees from emailing files containing payment card numbers to external addresses.
A DLP rule alerts when a user uploads a document labeled confidential to a personal cloud storage account.

Discover 🔎

Most data leaks are not dramatic hacks. They are everyday moments where sensitive information leaves the organization through email, cloud sharing, messaging apps, screenshots, or removable media. Data Loss Prevention exists to reduce that risk by making data handling visible and controllable. It helps you answer two questions: what is sensitive, and what should happen when someone tries to move it.

Remember: DLP is about preventing unintended exposure, whether it is accidental or intentional. It is not only an insider threat tool.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.