This content is part of the Buyer's Guide: Choose the right DLP tools to help execute your DLP strategy

Five supporting technologies for DLP products

Expert Bill Hayes examines five technologies that can complement data loss prevention products and improve enterprise security.

Data loss prevention (DLP) products can be an integral component of enterprise security programs because they can detect and stop potential exposures of sensitive data. But there are other supporting technologies that can complement DLP products and provide additional layers of data security for enterprises.

Here are the top five supporting technologies to extend information protection beyond an organization's DLP products.


Email encryption and file encryption are powerful allies in any DLP effort. Look for encryption products that integrate with DLP products. Encryption can be used to protect files transported on mobile media and even prevent access to sensitive information by encrypting it where it lies when data at rest scanners find it in the wrong place.

Mobile device management

Mobile device management (MDM) products help address blind spots when DLP products do not have integrated protection for mobile devices. Look for MDM that integrates easily with DLP products and addresses a wide variety of mobile devices. MDMs can also be used to turn off a mobile device's camera when it is within the site perimeter where sensitive information is located.

Role-based access control

Email encryption and file encryption are powerful allies in any DLP effort. Look for encryption products that integrate with DLP products.

Role-based access control (RBAC) allows access control administrators to grant access to sensitive information based on employee job duties, and naturally enforces separation of duties. This is particularly important in preventing access rights creep, where users retain access to sensitive information even when job duties change. RBAC features are integrated into applications, such as MS Exchange, Oracle DBMS, Microsoft Active Directory and SELinux.

Digital rights management

Think of Digital rights management, particularly information rights management (IRM), as possessing a limited subset of DLP capabilities. IRM products often address only a particular type of information sharing through specific applications such as Microsoft Office, Exchange/Outlook and SharePoint. They can keep an unauthorized user from accessing sensitive information through commonly attempted methods, but may not be able to address more sophisticated theft attempts through malicious software, such as key loggers, screen captures, or copy and paste efforts.

Secure file sharing

Employees often opt for a cloud-based file-sharing site because of its convenience for external entities. However, there are cloud-based products, such as Proofpoint Secure Share, that keep sensitive information in an organizations control, while still making file sharing convenient. This makes it less likely that employees will go looking for risky workarounds when other security measures prevent business-related information exchanges.

Next Steps

Learn how to keep track of sensitive data with a data flow map

Find out how to create a data classification policy before deploying DLP products

This was last published in September 2015

Dig Deeper on Data security breaches