1. Data Loss Prevention (DLP):
  1. Software that detects potential data breaches and data exfiltration transmissions, and prevents them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage).
  2. There are three traditional varieties of Data Loss Prevention (DLP) systems:
    1. Endpoint DLP Systems:
      1. Software-based DLP systems which run on an individual computer.
      2. Endpoint DLP systems may be used to inspect the contents of storage devices, and/or block those devices from being accessed by creating access control rules.
      3. Monitors data in use.
      4. Controls user traffic flows.
    2. Network DLP Systems:
      1. Software- or hardware-based DLP systems, often deployed on the network perimeter.
      2. Inspects data in motion.
    3. Storage DLP Systems:
      1. Software installed in data centers or server rooms.
      2. Inspects data at rest.
  3. Cloud DLP:
    1. Cloud-based DLP solutions perform the same functions as traditional DLP systems, and may be integrated with them.
    2. Cloud-based DLP is necessary in organizations whose security policies allow Bring Your Own Device (BYOD) and Enterprise Mobility Management (EMM) solutions, and in organizations that store large amounts of data within the cloud.
      1. BYOD:
        1. Bring Your Own Device. A popular mobile deployment strategy used by organizations. Allows fast deployment and wide employee adoption, but provides no security.
      2. EMM:
        1. Enterprise Mobility Management. A security policy developed specifically for mobile devices.