Data-leak protection goes by many names: Data loss protection or prevention, anti-data leakage, insider-threat protection, outbound content management just to name a few. The point of these products is to monitor, document, and often prevent sensitive information from leaving an organization without authorization.
The definition of "sensitive data" varies by company, too. Some types of data are obviously of a sensitive nature, including credit-card, social-security, or bank account numbers of customers or employees. But sensitive data can also include intellectual property, competitive information -- anything that a company doesn't want viewed by the wrong eyes.
Data-leak protection products identify sensitive information by matching terms in an included dictionary or by helping companies define what their sensitive data is and using algorithms to flag matches to those definitions. These products can be software-only tools or appliances and some require the use of client agents. Regardless of their form, most of these products work by scanning "data in motion," meaning information that's leaving the organization via e-mail or instant messaging, or being copied to removable media. These days many of these products are also scanning "data at rest," meaning information found in data stores throughout the corporate network. The latter approach helps companies get a handle on all the sensitive data they own (and therefore are responsible for protecting, as per government and industry regulations), not just the sensitive information that's leaving the company.
Once identified by these tools, the data can be handled in a variety of ways. Administrators have the option to simply be alerted that sensitive data is leaving the organization, or the action can be blocked or quarantined. Some products will display a notice to users that they are about to move sensitive data in a manner that violates corporate policy and prompts users to enter a reason for engaging in this action. This approach helps educate users about sensitive-data policies to help limit unintentional sharing of protected information.
Additional resources
