Data loss prevention technologies often fail to meet an organization’s entire list of data protection requirements. That’s because DLP does one thing: prevent data from leaving an organization. DLP does this very effectively:

DLP inspects data leaving the network or workstation. This inspection takes place only at the point of attempted data egress. Any other data use on a workstation or lateral movement on the network is not an attempt to egress data, so DLP does not inspect or log that data (it actually does not even see that data/activity).

DLP logs violations to policies created in anticipation of such an event – and only those egress attempts in which sensitive data is detected. In the case of data egress where no relevant policy exists or where sensitive data is simply not detected (i.e. non-policy violations), DLP does not log this activity.

DLP provides no visibility into user and data activity prior to attempted egress. What’s more, DLP doesn’t show egress attempts that are not blocked for lack of sensitive data. Without this visibility, an organization cannot a) identify data activity that may show a growing threat, b) put context around an event or incident and c) identify DLP false negatives. (These false negatives are the data breaches.)