The technological means employed for dealing with data leakage incidents can be divided into categories: standard security measures, advanced/intelligent security measures, access control and encryption and designated DLP systems, although only the latter category are currently thought of as DLP today.
[4] Common DLP methods for spotting malicious or otherwise unwanted activity and responding to it mechanically are automatic detection and response.
Standard security measures, such as firewalls, intrusion detection systems (IDSs) and antivirus software, are commonly available products that guard computers against outsider and insider attacks.
[3] A next-generation firewall (NGFW) or intrusion detection system (IDS) are common examples of technology that can be leveraged to perform DLP capabilities on the network.
[7][8] Network DLP capabilities can usually be undermined by a sophisticated threat actor through the use of data masking techniques such as encryption or compression.
Endpoint systems also have access to the information needed to provide contextual classification; for example the source or author generating content.
[10] The cloud now contains a lot of critical data as organizations transform to cloud-native technologies to accelerate virtual team collaboration.
The data floating in the cloud needs to be protected as well since they are susceptible to cyberattacks, accidental leakage and insider threats.
"Data at rest" specifically refers to information that is not moving, i.e. that exists in a database or a file share.
This information is of great concern to businesses and government institutions simply because the longer data is left unused in storage, the more likely it might be retrieved by unauthorized individuals.