Corporate networks are often filled with sensitive information in the form of confidential emails, company-private documents, personally identifying information, financial information, and more. The sensitive information may be spread across dozens or even hundreds of servers and/or personal computers. Ensuring that this information is kept secure may be very important for both an organization's reputation and for its success. Organizations may have data loss prevention (DLP) policies to ensure that sensitive information is handled correctly. Many organizations enforce DLP policies with the help of DLP applications that scan files and classify the files according to the policies. The DLP applications may prevent certain actions from being taken on sensitive files or may warn users that files are subject to the policies. These DLP applications may run on endpoint devices, servers, or both.
Traditional DLP applications may scan every file on a computing device to determine each file's classification according to a DLP policy. However, scanning and classifying every file on a device may consume a large amount of computing resources. Some users may avoid running a DLP application on their device out of concern for the resource use, causing files on their device to remain unclassified and increasing the risk of data breaches. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for determining that files found on client devices comprise sensitive information.