Data Loss Prevention
After completing the development of the data classification model and supporting processes including policies and standards a tool may need to be implemented to enforce data protection based upon the model. Data Loss Prevention (DLP) is an example of a tool that can enforce protection of data that has been classified by the enterprise. In the previous Data locations section several examples of data locations were presented to emphasize the complexity of data management and protection in the enterprise. DLP can help find data in these various locations, and in some cases enforce encryption, block insecure transmission, and block unauthorized copying and storing of data based upon data classification. There is significant benefit to having a solution with this capability, allowing automated protection within the enterprise, integration with existing solutions, and actionable reporting.
The primary purpose of DLP is to protect against the unauthorized exfiltration of enterprise...
