A modern organization typically maintains a data storage system to store and deliver sensitive information concerning various significant business aspects of the organization. Sensitive information may include data on customers (or patients), contracts, deliveries, supplies, employees, manufacturing, or the like. In addition, sensitive information may include intellectual property (IP) of an organization such as software code developed by employees of the organization, documents describing inventions conceived by employees of the organization, etc.
DLP technologies apply configurable rules to identify objects, such as files, that contain sensitive data and should not be found outside of a particular enterprise or specific set of host computers or storage devices. Even when these technologies are deployed, it is possible for sensitive objects to ‘leak’. Occasionally, leakage is deliberate and malicious, but often it is accidental too. For example, in today's global marketplace environment, a user of a computing system transmits data, knowingly or unknowingly, to a growing number of entities outside a computer network of an organization or enterprise. Previously, the number of entities were very limited, and within a very safe environment. For example, each person in an enterprise would just have a single desktop computer, and a limited number of software applications installed on the computer with predictable behavior. For example, when a user opens an existing file on a removable media, a backup copy of the existing file is created. When user modifies the file contents and if it is found to contain confidential data (as defined by the DLP policy), the configured remediation action is taken. For instance if the remediation is to block the user operation, the backup copy of the existing file is restored to the target file location. The existing method for preventing data loss from removable media is inefficient, as it requires additional copy of the existing data, and error prone as the user can remove the removable media before the completion of the detection request which would result in loss of confidential data. The issues are compounded when the size of the file is significant.