1. Field of Disclosure
The disclosure generally relates to the field of encryption, in particular to using encryption to prevent data loss from an enterprise.
2. Description of the Related Art
Enterprises such as businesses often use document repositories to enable users to collaborate and share files. Unfortunately, unprotected files can pose a critical risk to an enterprise's most sensitive data, such as customer information, financial data, trade secrets, and other proprietary information. Exposure of this data can result in financial loss, legal ramifications, and brand damage.
Data Loss Prevention (“DLP”) systems identify, monitor, and protect data in order to prevent sensitive data from leaving an enterprise. Typically, a DLP system will examine data that can potentially leave the enterprise, such as data being written to a removable storage device, to ensure that the data complies with a DLP policy. The DLP system prevents non-compliant data from leaving the enterprise by, e.g., blocking the data from being written to the removable storage device.
A difficulty with DLP systems is that the data often must be written to a storage device before it can be examined for compliance, yet the policy may specify that non-compliant data cannot be written to a storage device. The compliance policy might be structured this way because data can persist on a storage device even after it is deleted. Therefore, simply writing the data to a storage device, examining the data for compliance, and then deleting non-compliant data from the storage device may not prevent data loss from the enterprise.