Data Loss Prevention (DLP)

Data Loss Prevention (DLP) encompasses strategies, tools, and processes designed to prevent sensitive data from leaving an organisation through unauthorised channels. DLP systems monitor, detect, and block potential data breaches in real time.

Types of DLP:

• Network DLP: Monitors data in transit across the network (email, web, file transfers)
• Endpoint DLP: Monitors data on devices (USB drives, printing, screen capture, clipboard)
• Cloud DLP: Monitors data in cloud services (SaaS apps, cloud storage, collaboration tools)
• Email DLP: Specifically monitors outbound email for sensitive content

How DLP works:

1. Define sensitive data: Classify what constitutes sensitive information
2. Create policies: Rules defining how sensitive data should be handled
3. Monitor: Scan data at rest, in motion, and in use
4. Detect: Identify policy violations through pattern matching and AI
5. Respond: Alert, quarantine, block, or encrypt based on policy
6. Report: Generate compliance and incident reports

DLP detection methods:

• Pattern matching: Credit card numbers, tax file numbers, Medicare numbers
• Keywords: Sensitive terms ("confidential", "proprietary", client names)
• Data fingerprinting: Matching against known sensitive documents
• Machine learning: AI-based classification of sensitive content
• Contextual analysis: Considering who, what, where, and how data is being shared

DLP platforms:

• Microsoft Purview: Integrated with Microsoft 365 environment
• Google Workspace DLP: Built into Google Workspace
• Symantec DLP: Comprehensive standalone DLP solution
• Digital Guardian: Advanced endpoint DLP
• Forcepoint: DLP with user behaviour analytics

Australian DLP considerations:

• Protect personal information as defined by Australian Privacy Principles
• Tax File Numbers have specific handling requirements
• Notifiable Data Breaches scheme requires rapid detection
• Healthcare data has additional sensitivity requirements