Expert Blog: How DLP Systems Have Changed

Carrier-1 Data Centers

Photo David Balaban
David Balaban is author of this Expert Blog and is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation.

The DLP systems market, as the industry veterans remember it, looked quite different from what it is today. Initially, DLP (Data Loss Prevention) systems were cumbersome and provided modest capabilities. The planning and implementation processes could take about six months. The setup required the involvement of various specialists, including linguists. Clients had to pay for testing. Today, these systems have changed.

How secure is public cloud infrastructure? That’s an important question for IT security professionals, as data leakage can be a concern for organizations and their data protection strategies. DLPs at the start were like a spaceship – expensive, big, with long-lasting setups and an incomprehensible effect. In those days, DLPs were available only to large businesses. It’s very different now. Their usage has become a widespread situation in various business niches. Thanks to new DLP practices and formats, the entry threshold into the club of DLP system users is declining month after month.

DLP systems in 2020

The time when vendors could dictate to customers what a Data Loss Prevention system should be like was short and has sunk into oblivion. Since then, customers control the situation, and developers create products under their supervision.

Modern DLP systems cannot be compared to earlier versions. Today, these programs are able to perform plenty of various functions: e-discovery, risk management, time tracking, data encryption, IT infrastructure audit, control of user privileges, etc.

Today, with the help of the DLP program, customers can:

  1. Monitor the movement of information across all channels, including cloud storage, instant messengers with end-to-end encryption (WhatsApp, Telegram) remote control programs (TeamViewer.)
  2. Analyze the information received during the monitoring. The system may detect any violations of outlined security policies.
  3. Use DLP to do all kinds of search quires that can be used individually and in different combinations. The system can parse all file types in any language.
  4. Conduct detailed investigations, including retrospective ones. Most corporate crimes are committed electronically and leave digital footprints. DLP systems can find the causes, participants, consequences of incidents. Therefore, DLPs do shadow copying, create archives, and collect information about user activity in programs and processes.

Now, DLP systems are functionally mature products, and vendors are paying more and more attention to the optimization and efficiency of their software. For example, the architecture is being changed in order to increase performance and allow customers to spend less on hardware. Vendors are constantly improving their process to decrease the load, for example, by using deduplication, codecs for compressing audio, recording video from user screens using different quality levels. New settings help to balance the system load and prevent users’ PCs from slowing down.

New changes are in high demand now since business owners seek to cut any unnecessary spending. However, the main changes have to do with new formats for working with DLP systems that allow customers to optimize their security budgets even more seriously.

Cloud DLPs

Although cloud DLPs are not new, they have not been widely used until recently. Demand for such services started to grow due to economic reasons. Customers may pay for the service on a monthly basis, and they do not need to purchase, configure, and maintain expensive hardware.

The cloud format is in great demand since many companies deliberately refuse to use their own equipment park. This business approach is suitable when the business grows and expands the branch network. During this period, companies are building up IT infrastructure for the main business processes, and all other expenses receive lower priority. Cloud solutions become a way out when customers need to control plenty of devices of employees working remotely.

The emergence of secure cloud technologies is another factor that pushes the quick development of cloud DLPs. DLP vendors did not offer cloud deployment until they were convinced that it could be done securely. All data from corporate PCs are transmitted to the data center via secure channels, and only the customer has access to the “core” of the system. Large cloud providers are subject to strict regulations. They use protection mechanisms that are not available to the average business and are much more resistant to various cyber-attacks.

Information security outsourcing

Information security outsourcing has appeared to address several problems at once, including financial and personnel problems. Today, the customer may receive a DLP system and a professional analyst or a team of analysts. These workers identify incidents, analyze, and report them to the client. At the same time, the DLP system can be either fully owned by the customer or leased.

In the long run, information security outsourcing is more expensive for companies than purchasing licenses. But the distributed financial burden in the short term turns out to be justified. Outsourcing is suitable for those companies that could not assess whether it is justified to buy licenses, hardware, or hire additional information security specialists. The last factor is extremely important because we are experiencing an acute shortage of qualified personnel. Not all large companies have enough professionals. The situation with small and medium-sized enterprises leaves much to be desired.


Data Loss Prevention systems have come a long way of development. Traditional solutions are still there, and customers may still use their own information security services and buy eternal licenses. But it is also possible to use cloud DLP systems that do not require large initial investments. Over the next years, we will see many changes in the nature of the services offered and their sales schemes. Practice shows that often the service-based model allows achieving the highest results, especially when dealing with the development and maintenance of such complex systems as DLPs. During the past years, large service providers accumulated sufficient experience and deeply understand the customer’s business processes and know how to correctly approach protection against internal and external threats.