October 15, 2015 By Brian Evans 4 min read

Data loss prevention (DLP) technologies identify, monitor and protect data in use or in motion on the network, as well as data at rest in storage or on desktops, laptops and mobile devices. While organizations are more successful at filtering incoming malicious content and deflecting unauthorized entry attempts, they are lagging behind with implementing technical solutions that effectively address data breaches.

Data Breaches Reach a Peak

According to the Identity Theft Resource Center, data breaches reached an all-time high in the U.S. in 2014, representing an increase of more than 27 percent from the number of breaches reported in 2013. Data breaches are a fact of life now, and organizations will continue to be negatively impacted by the loss or compromise of sensitive information.

An integral part of the answer in minimizing these impacts and reducing risks associated with exposing sensitive information, losing intellectual property or violating compliance obligations is data loss prevention. This technology enforces data security policies by monitoring devices and traffic while preventing the outbound flow of sensitive information.

So what’s the impact? IBM and the Ponemon Institute recently released their annual “Cost of Data Breach Study,” which found that the average cost paid for each lost or stolen record containing sensitive information rose 6 percent — an increase from $145 in 2014 to $154 in 2015.

Listen to the podcast: Avoiding Common Data Security Mistakes

Data Loss Prevention Must Be Integrated

DLP has finally evolved to become an important component of a broader security architecture. Through deep content inspection and a contextual security analysis of transactions, DLP technologies serve as the enforcers of data security policies and provide a centralized management framework designed to help detect and prevent the unauthorized disclosure or transmission of sensitive information. DLP protects against mistakes that lead to data leaks and intentional misuse.

As organizations recognize the growing risk of data loss and the importance of data protection, DLP solutions become more attractive. Although most organizations express an awareness of DLP capabilities, they struggle to make the business case for the product’s adoption, and achieving project buy-in from executives is a key first step to any security endeavor.

Although a DLP project can hold the attention of executives due to its ability to support regulatory compliance requirements, the difficulty lies in justifying the project’s costs with the benefits, which largely involve mitigating the risks of information loss and a technical means to protect information from leaving the network. Identifying top security drivers as problems addressed by DLP solutions helps increase executive support for a business case.

Key Drivers

There are several key drivers that can demonstrate the need for the adoption of a DLP solution. Some of the most popular are the need for compliance, enhanced property protection and improved security awareness and training, among others.


These solutions support compliance with security regulations and standards such as:

  • HIPAA;
  • GLBA;
  • Sarbanes–Oxley; and
  • PCI Data Security Standard.

Property Protection

Data loss protection tools can help secure an enterprise’s property and critical information. This may include:

  • Intellectual property;
  • Protected health information;
  • Personally identifiable information (PII);
  • Credit and debit card information;
  • Data regarding mergers and acquisitions; and
  • Strategy and planning details.

Security Awareness and Training

Once the right tool has been acquired, its implementation and use could assist companies in increasing user awareness of:

  • Security incidents;
  • Compliance requirements;
  • IT problems and advancements; and
  • Legal issues.

Other Considerations

Organizations must also take into account factors such as:

  • Ensuring appropriate network usage;
  • Driving the use of security technologies such as encryption; and
  • Fostering secure communications with outsourced vendors and other partners.

Address All of Your Security Needs

Although larger, publicly traded companies often propose DLP solutions as a means to shield executives from legal consequences, organizations of any size can use DLP functions to address a variety of needs. International organizations, for example, may use security features inherent to DLP to add another layer of protection for intellectual property in less regulated countries; other companies can use DLP to drive policies such as encryption use.

The greatest sources of value to an organization can come in the form of:

  • Complying with federal laws;
  • Reducing financial damages due to loss of confidential data or intellectual property; and
  • Ensuring a secure environment to business partners.

DLP solutions can provide significant financial and operational benefits by reducing costs associated with compliance and intellectual property protection challenges. Enterprises should consider potential costs incurred as a result of unmitigated risks. For example, avoiding reputation damage, avoiding regulatory sanctions and protecting intellectual property deliver businesses benefits that are often difficult to quantify yet still beneficial to operations.

Justifying a DLP Implementation

Weighing the costs and risks against the regulatory, business and financial benefits of DLP adoption enables informed buy-in decisions. To help justify an implementation of DLP, organizations should consider both the costs/risks and foreseeable benefits of a solution. There may be many factors that influence each of these categories.

Long-Term Costs

Paying for the acquisition of a DLP solution is just the tip of the iceberg. Companies must also take into account:

  • Licensing fees for hardware and software;
  • Upfront costs for customization or add-ons;
  • Any additional costs for staffing or scope expansion; and
  • Ongoing costs such as support and maintenance.

Potential Risks

Drawbacks that enterprises need to consider include:

  • DLP-specific risk, such as interruptions to workflow and dissatisfaction on the part of vendors or partners; and
  • Non-DLP-specific risks, like solutions and resources that conflict with other business initiatives and the technology risk stemming from implementing and integrating new systems.

Foreseeable Benefits

The advantages of data loss prevention techniques touch many areas of business operations.

  • Regulatory benefits include supporting regulatory, contractual and policy compliance and securing outsourcing and partner communications.
  • Business benefits may include protecting the corporate brand and reputation, positioning the company as a trusted business partner, protecting intellectual property and enabling metrics to measure data loss prevention.
  • Cost benefits include reducing risk and exposure to internal and external threats and positioning the company to avoid potential financial loss from misuse of data, loss of data or noncompliance to policy, regulations or standards.

Businesses need to effectively manage information risk in order to thrive and grow, so it’s important to choose the right organizational investments. Implementing a data loss prevention solution is one of those investments. A business case can make all the difference because it generates stakeholder commitment and guides the work to ensure that expected benefits are realized.

Listen to the podcast: Avoiding Common Data Security Mistakes

More from Data Protection

Data security tools make data loss prevention more efficient

3 min read - As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role in cybersecurity, their effectiveness significantly improves when integrated with the right tools and infrastructure. Key limitations of DLP solutions (and how to overcome them) DLP…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today