In the electronic information age, people may share, access, and disseminate high volumes of information. In addition, the workforce has become increasingly mobile, and the ubiquity of high-speed Internet access, smart mobile devices, and portable storage means that “the office” may be anywhere. As a consequence, it has become more difficult than ever for organizations to prevent the loss of sensitive data. Organizations are therefore increasingly looking to Data Loss Prevention (“DLP”) solutions to protect their sensitive data.
A typical DLP system may attempt to prevent sensitive data from being stored on external devices (e.g., network shares or removable media). For example, in one approach, a traditional DLP system may detect when files on external devices are closed. Once a file is closed, the traditional DLP system may scan the file for sensitive data and delete the file from the external device if necessary.
Unfortunately, deleting sensitive data from external devices may not always work or fully prevent data leakage. For example, the DLP system may lose access to an external device after a sensitive file is written to the device but before the DLP system can fully scan the file (e.g., a user may remove a USB flash drive from a computer immediately after writing a sensitive file to it, before the DLP system has finished scanning the file). In addition, a sensitive file may be written to a write-once medium (e.g., a CD-R or DVD-R), which may effectively prevent a DLP system from deleting the sensitive file. Moreover, even if a DLP system is able to successfully delete a sensitive file from an external device, a disk analysis tool might later be able to recover the deleted data.