Information security has many faces and comes with a lot of bells and whistles. We have the SIEMs, the IDS’ and IPS’ and of course the DLPs.
As some of you may know, DLP (Data Loss Prevention) is an information traffic control mechanism in the information system of an enterprise. The main objective of DLP systems is to prevent the transmission of confidential information outside of the information system. Such transfers or often called leakages can be both intentional and unintentional.
Practice shows that most of the leaks that are known (about 3/4) occur not by malicious intent, but because of errors, carelessness or negligence from workers. The rest of the leaks are associated with malicious actors and users of the information systems. It is understandable that insiders usually try to overcome DLP systems. The outcome of this effort depends on many factors and it is impossible to guarantee success, but the risks can be greatly minimized. DLP is necessary because there is a lot of data, unauthorized diversion of which could cause significant damage to the organization.