Data Loss Prevention
Data Loss Prevention (DLP) is a set of technologies, processes, and policies used to prevent sensitive or confidential data from being lost, leaked, or accessed by unauthorized parties. This is achieved by:
- Identifying, classifying, and protecting sensitive data
- Managing the security posture of all data assets
- Monitoring data in real time to detect exfiltration
- Enforcing data protection policies
Implementing DLP in a cloud environment is hindered by the inability to install software on servers that the organization does not own. In a cloud environment, physical servers are owned and operated by a third-party provider – either IaaS or DBaaS. The organization can't install its own agents or implement other server-side security controls to monitor and control data in real time (aside from native solutions, which might have limitations).
Newer cloud data security technologies, such as data detection and response (DDR), offer an agentless form of DLP centered on real-time log analytics.
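The log-analytics approach described above, sketched as an added example (not from the original page or from any vendor's product): two policy checks run over a stream of audit events, with no agent on the data store. The event schema, asset and account names, and thresholds are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy inputs (constructed for this example).
CLASSIFICATION = {"db/customers": "pii", "bucket/payroll": "confidential",
                  "bucket/public-site": "public"}
WINDOW = timedelta(minutes=10)   # sliding window for the read budget
MAX_BYTES = 500_000_000          # sensitive bytes one principal may read per window
TRUSTED_DESTS = {"acct-prod"}    # accounts owned by the organization
TRANSFER_OPS = {"copy", "export", "share"}

# Constructed audit-log lines in a hypothetical, provider-neutral JSON schema.
SAMPLE_LOG = """
{"ts":"2024-05-01T09:45:00","who":"svc-report","op":"read","asset":"db/customers","bytes":200000000}
{"ts":"2024-05-01T10:00:00","who":"svc-report","op":"read","asset":"db/customers","bytes":200000000}
{"ts":"2024-05-01T10:02:00","who":"alice","op":"read","asset":"bucket/public-site","bytes":900000000}
{"ts":"2024-05-01T10:04:00","who":"svc-report","op":"read","asset":"db/customers","bytes":200000000}
{"ts":"2024-05-01T10:07:00","who":"svc-report","op":"read","asset":"bucket/payroll","bytes":200000000}
{"ts":"2024-05-01T10:30:00","who":"bob","op":"copy","asset":"bucket/payroll","bytes":1000,"dest":"acct-unknown"}
{"ts":"2024-05-01T10:45:00","who":"carol","op":"share","asset":"bucket/untagged","bytes":5000,"dest":"acct-partner"}
"""

def detect(lines):
    """Consume time-ordered audit events; return (ts, who, asset, rule) alerts."""
    alerts = []
    reads = defaultdict(deque)  # principal -> (time, bytes) of recent sensitive reads
    for line in filter(str.strip, lines):
        ev = json.loads(line)
        # Fail closed: an asset missing from the inventory is treated as sensitive.
        if CLASSIFICATION.get(ev["asset"], "unclassified") == "public":
            continue
        now = datetime.fromisoformat(ev["ts"])
        if ev["op"] in TRANSFER_OPS and ev["dest"] not in TRUSTED_DESTS:
            alerts.append((ev["ts"], ev["who"], ev["asset"], "external-destination"))
        elif ev["op"] == "read":
            window = reads[ev["who"]]
            window.append((now, ev["bytes"]))
            while now - window[0][0] > WINDOW:
                window.popleft()  # drop reads older than the window
            if sum(b for _, b in window) > MAX_BYTES:
                alerts.append((ev["ts"], ev["who"], ev["asset"], "bulk-read"))
                window.clear()  # restart the budget so one burst raises one alert
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The 09:45 read falls out of the window before 10:00, so the bulk-read alert fires at 10:07 rather than 10:04; the large read of the public bucket is ignored because of its classification, not its size.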