Data loss prevention vs. data loss protection, and why it matters

The terms “data loss prevention” and “data loss protection” are often bandied about interchangeably – and, in many cases, with good reason. After all, they both help organizations keep sensitive data and intellectual property (IP) secure. They can both be facilitated by technology. And, yes, they both use the same acronym.

But despite these similarities these two terms actually have quite distinct meanings. On one hand, data loss prevention typically focuses on the “detection and prevention of sensitive data exfiltration” – guarding against data loss via lost laptops or hackers. Data loss protection, however, is about protecting sensitive data as it flows between different organizations and systems of record such as enterprise resource planning (ERP) software, customer relationship management software (CRM), human resources platforms, and other corporate or cloud systems.

Data loss prevention tools include email scanning software, which automatically checks outbound email content for potential PII data such as Social Security or credit card numbers; firewalls; and antivirus software.

Data loss prevention: It’s simply not enough

While these tools serve an important purpose, they don’t fully protect against accidental or malicious data loss or leakage. Users can, for example, still download sensitive documents to their local (even personal) computer or mobile device. Employees can also leave your organization with that data still on their computer. That’s a major blind spot when it comes to safeguarding company IP and other sensitive information.

Data loss protection – also known as data leakage protection – shines a light on this blind spot through tools and processes that safeguard your data from almost any eventuality.

Traditional data loss prevention has exclusively focused on “stopping the bad thing from happening,” according to Code42 Information Security Director Michelle Killian. Data loss protection takes this concept several steps further by providing full visibility into all of an organization’s data, including where it lives, who it’s shared with, who has access to it, and how that data moves between organizations and systems.

Think of it this way: Data loss prevention tools are like those grocery shopping carts designed to lock wheels if they pass a certain threshold. While they do a great job deterring theft by keeping the shopping cart on the premises, they’re not so great at stopping potential thieves from putting items under their coats and running!

Achieving data loss prevention AND protection

Tehama’s next-generation enterprise DaaS platform offers data loss prevention and data loss protection capabilities all in one platform. Tehama’s proprietary File Vault is an ultra-secure avenue for data asset collaboration that provides strict yet customizable download controls (it can be accessed via Tehama rooms and desktops, or Tehama’s Web UI).

The File Vault provides a way to securely upload files between a user’s local machine and an organization’s network, move files and folders between virtual desktops, or view all uploaded files (including their size, status, and time of last modification) to the Tehama system.

But the sweet spot, from a data protection perspective, is that admins can easily configure their File Vault to block users from downloading files to their computer or anywhere else – making data leakage by employees or partners a thing of the past. All files uploaded into the File Vault are automatically scanned for malware and other malicious content using Tehama’s built-in antivirus tools and anti-malware protection.

Because a company’s data and IP never leave their Tehama Room, there’s also no risk of data breaches via lost or stolen endpoints. And the virtual nature of Tehama enterprise DaaS means there’s no more shipping of laptops cross-country, reducing risk even further (lost devices were responsible for 41 percent of data breaches between 2005 and 2015, according to Gartner).

Other out-of-the-box data loss protection and data loss prevention tools included in Tehama enterprise DaaS include:

• A Zero Trust access model: The Tehama platform automatically applies multi-factor authentication (MFA) with SAML/SCIM integration, segregated network access, and the principle of least privilege
• Strict policy controls: Policies enforce users to meet certain entry requirements before accessing a desktop or room, to ensure only trusted and approved members have access
• Secure enterprise gateway: This Tehama gateway establishes a secure channel between a Tehama Room and your organization’s private network, securely connecting users with corporate data.

Choose a DaaS provider that will safeguard your data

Instead of implementing DaaS and then stacking data prevention and data protection software on top, it’s far more effective (and easier on the wallet) to select a DaaS provider with all these capabilities built right into the platform. Many DaaS providers require additional DLP tools to secure your endpoints – but with Tehama these tools come out of the box, ready to secure your data from Day One, along with strong compliance and down-to-the-keystroke activity recording for robust data loss protection.

See How Your Enterprise Can Securely Enable Hybrid Teams

Get a Demo