DLP: 4 Types of Data Loss Prevention

The Pros and Cons

When getting started with DLP, it’s worth knowing about the pros and cons of the different DLP solutions and terminologies. Here are the four major concepts you should know about:

‍Email DLP is set up to monitor and filter emails sent between users within an organization and external parties based on certain criteria e.g. sensitive keywords.

+ Pro: it reduces the amount of data leakage resulting from emailing
- Con: it doesn’t account for other ways of data leakage e.g. document sharing‍

Endpoint DLP requires software to be installed on an endpoint - that is PCs, laptops, mobile devices, servers or any other device with network access - for it to monitor and protect the data. This solution can also prevent transferring data to USBs.

+ Pro: always protecting the data even when offline, whether you’re using the company’s network or a public network
- Con: requires manual installation and maintenance for each endpoint‍

Network DLP is implemented onto a network, allowing all incoming and outgoing data to be monitored, blocked, protected and/or prevented from travelling from any device connected to the given network.  

+ Pro: DLP policies can be enforced onto all devices connected to the given network
- Con: devices must be connected to the given network  

Cloud DLP solutions such as those built into Google Workspace (Drive DLP) allow for much stronger DLP visibility and protection of sensitive data as it’s being enforced on the SaaS and IaaS level. This could potentially be emails, documents and other kinds of files that might include social security numbers or financial details which shouldn’t be accessible to other people.

+ Pro: no software or hardware is required, and the DLP protection is much stronger compared to the other solutions  
- Con: requires technical knowledge of how to set it up