Modern general-purpose computing systems present a variety of challenges for data loss prevention (DLP). It can be difficult to limit the exposure of certain types of data when hundreds of different applications may be available for use on a particular system, each one a potential vector for data loss.
A conventional method to prevent the loss of sensitive data is to monitor the specific applications that have direct access to the sensitive data and to limit or intercept questionable functions used within these programs. However, modern computing systems also include system functions such as the clipboard object which allow for the quick movement of data from one application to another. Controls placed on a particular application might therefore be bypassed by a user who copies and pastes the sensitive data to another application without the same controls.
In view of the foregoing, it may be understood that there may be significant problems and shortcomings associated with traditional DLP methods.