Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network.

The term is  used to describe software products that help a network administrator control what data end users can transfer. DLP solutions provide multilayered protection for data regardless of where it resides on the network, in the cloud or at the endpoint. Data loss prevention software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized parties by either malicious intent or an inadvertent mistake. Sensitive data includes private or company information, intellectual property (IP), financial or patient information, credit-card data and other information. Designated DLP solutions detect and prevent unauthorized attempts to copy or send sensitive data, intentionally or unintentionally, mainly by personnel who are authorized to access the sensitive information. In order to classify certain information as sensitive, these solutions use mechanisms, such as exact data matching, structured data fingerprinting, statistical methods, rule and regular expression matching, published lexicons, conceptual definitions and keywords.
Encryption is the process of encoding messages or information in such a way that only authorized parties can access it.

Read More
Sophos (Cyberoam)