The cybersecurity industry commonly names DLP as Data Leakage Prevention. It lacks of qualifier because the technology just tries to detect/prevent human mistake nor broken business process. In that sense, DLP is likely capable.
There are always many means to exfiltrate data as there are many “holes” in the infrastructure. The fencing is good to block trespasser but not getting materials thru the fence.
Use of DLP or other technology just makes data exfiltration harder, or takes longer time to do so. Imagine, all of us have cell phone that is an effective tool to beat DLP. How many organizations will demand surrendering cell phone before:
- Coming to attend confidential discussion (e.g. the movie “Salt“)
- Accessing sensitive information at workplace
- Disabling remote access
The term shall therefore be rephrased as Data Leakage Protection and set the proper expectation what can be done and what are limitations.
[…] example is DLP (Data Leakage Protection, not Prevention). It requires “super” privileges to access every resource being monitored to alert […]