DLP or Data Loss Prevention is an IT security term that refers to systems that protect, monitor, and identify data in rest such as data storage, data in motion such as network actions, and data in use such as endpoint actions, through a centralized management framework, contextual security analysis of transaction (attributes of recipient/destination, timing, medium, data object, originator, and so forth), and deep content inspection.
These DLP systems are precision engineered and carefully developed to prevent and detect unauthorized access and manipulation of personal or confidential data as well as protecting them from file degradation through human or computer errors and whatnot as well.
Systems that are specifically designed to avoid getting "leaked" into the wrong hands are referred to as Extrusion Prevention System (by analogy to intrusion-prevention system), IPC or Information Protection and Control, CMF or Content Monitoring and Filtering, Information Leak Prevention or ILP, ILDP or Information Leak Detection and Prevention, and Data Leak Prevention (not to be confused with DLP or Data Loss Prevention).
There are different ways to deploy the technology, see the different types of DLP systems.
The Network DLP is a type of DLP that is gateway-based (hence, it is also know as gateway-based system).
They have benefits and advantages such as low ownership cost and easy installation.
Furthermore, a Network DLP is capable of detecting data at rest or stored information that is found in unsecured or inappropriate places as well.
This DLP type is typically a dedicated hardware or software platform that's installed and run on a corporations Internet network connection.
On the other hand, Host-Based DLP systems are installed in an organization's end-user servers or workstations.
Just like their network-based counterpart, a Host-Based DLP can answer both internal and external communications.
Ergo, it can manage data flow between types of users or groups (for example, "Chinese walls").
Host systems are advantageous to companies because they can track down and handle access to hardware and physical machines such as mobile devices that are capable of storing data.
They can even retrieve content before its been encrypted during certain instances.