October 15, 2015 By Brian Evans 4 min read

Data loss prevention (DLP) technologies identify, monitor and protect data in use or in motion on the network, as well as data at rest in storage or on desktops, laptops and mobile devices. While organizations are more successful at filtering incoming malicious content and deflecting unauthorized entry attempts, they are lagging behind with implementing technical solutions that effectively address data breaches.

Data Breaches Reach a Peak

According to the Identity Theft Resource Center, data breaches reached an all-time high in the U.S. in 2014, representing an increase of more than 27 percent from the number of breaches reported in 2013. Data breaches are a fact of life now, and organizations will continue to be negatively impacted by the loss or compromise of sensitive information.

An integral part of the answer in minimizing these impacts and reducing risks associated with exposing sensitive information, losing intellectual property or violating compliance obligations is data loss prevention. This technology enforces data security policies by monitoring devices and traffic while preventing the outbound flow of sensitive information.

So what’s the impact? IBM and the Ponemon Institute recently released their annual “Cost of Data Breach Study,” which found that the average cost paid for each lost or stolen record containing sensitive information rose 6 percent — an increase from $145 in 2014 to $154 in 2015.

Listen to the podcast: Avoiding Common Data Security Mistakes

Data Loss Prevention Must Be Integrated

DLP has finally evolved to become an important component of a broader security architecture. Through deep content inspection and a contextual security analysis of transactions, DLP technologies serve as the enforcers of data security policies and provide a centralized management framework designed to help detect and prevent the unauthorized disclosure or transmission of sensitive information. DLP protects against mistakes that lead to data leaks and intentional misuse.

As organizations recognize the growing risk of data loss and the importance of data protection, DLP solutions become more attractive. Although most organizations express an awareness of DLP capabilities, they struggle to make the business case for the product’s adoption, and achieving project buy-in from executives is a key first step to any security endeavor.

Although a DLP project can hold the attention of executives due to its ability to support regulatory compliance requirements, the difficulty lies in justifying the project’s costs with the benefits, which largely involve mitigating the risks of information loss and a technical means to protect information from leaving the network. Identifying top security drivers as problems addressed by DLP solutions helps increase executive support for a business case.

Key Drivers

There are several key drivers that can demonstrate the need for the adoption of a DLP solution. Some of the most popular are the need for compliance, enhanced property protection and improved security awareness and training, among others.


These solutions support compliance with security regulations and standards such as:

  • HIPAA;
  • GLBA;
  • Sarbanes–Oxley; and
  • PCI Data Security Standard.

Property Protection

Data loss protection tools can help secure an enterprise’s property and critical information. This may include:

  • Intellectual property;
  • Protected health information;
  • Personally identifiable information (PII);
  • Credit and debit card information;
  • Data regarding mergers and acquisitions; and
  • Strategy and planning details.

Security Awareness and Training

Once the right tool has been acquired, its implementation and use could assist companies in increasing user awareness of:

  • Security incidents;
  • Compliance requirements;
  • IT problems and advancements; and
  • Legal issues.

Other Considerations

Organizations must also take into account factors such as:

  • Ensuring appropriate network usage;
  • Driving the use of security technologies such as encryption; and
  • Fostering secure communications with outsourced vendors and other partners.

Address All of Your Security Needs

Although larger, publicly traded companies often propose DLP solutions as a means to shield executives from legal consequences, organizations of any size can use DLP functions to address a variety of needs. International organizations, for example, may use security features inherent to DLP to add another layer of protection for intellectual property in less regulated countries; other companies can use DLP to drive policies such as encryption use.

The greatest sources of value to an organization can come in the form of:

  • Complying with federal laws;
  • Reducing financial damages due to loss of confidential data or intellectual property; and
  • Ensuring a secure environment to business partners.

DLP solutions can provide significant financial and operational benefits by reducing costs associated with compliance and intellectual property protection challenges. Enterprises should consider potential costs incurred as a result of unmitigated risks. For example, avoiding reputation damage, avoiding regulatory sanctions and protecting intellectual property deliver businesses benefits that are often difficult to quantify yet still beneficial to operations.

Justifying a DLP Implementation

Weighing the costs and risks against the regulatory, business and financial benefits of DLP adoption enables informed buy-in decisions. To help justify an implementation of DLP, organizations should consider both the costs/risks and foreseeable benefits of a solution. There may be many factors that influence each of these categories.

Long-Term Costs

Paying for the acquisition of a DLP solution is just the tip of the iceberg. Companies must also take into account:

  • Licensing fees for hardware and software;
  • Upfront costs for customization or add-ons;
  • Any additional costs for staffing or scope expansion; and
  • Ongoing costs such as support and maintenance.

Potential Risks

Drawbacks that enterprises need to consider include:

  • DLP-specific risk, such as interruptions to workflow and dissatisfaction on the part of vendors or partners; and
  • Non-DLP-specific risks, like solutions and resources that conflict with other business initiatives and the technology risk stemming from implementing and integrating new systems.

Foreseeable Benefits

The advantages of data loss prevention techniques touch many areas of business operations.

  • Regulatory benefits include supporting regulatory, contractual and policy compliance and securing outsourcing and partner communications.
  • Business benefits may include protecting the corporate brand and reputation, positioning the company as a trusted business partner, protecting intellectual property and enabling metrics to measure data loss prevention.
  • Cost benefits include reducing risk and exposure to internal and external threats and positioning the company to avoid potential financial loss from misuse of data, loss of data or noncompliance to policy, regulations or standards.

Businesses need to effectively manage information risk in order to thrive and grow, so it’s important to choose the right organizational investments. Implementing a data loss prevention solution is one of those investments. A business case can make all the difference because it generates stakeholder commitment and guides the work to ensure that expected benefits are realized.

Listen to the podcast: Avoiding Common Data Security Mistakes

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today