Explanation (Shon Gerber) : A. Encryption Encryption is a confidentiality control that scrambles data to make it unreadable without a key. - The Distinction: While a DLP solution can trigger encryption (e.g., automatically encrypting an email that contains a Credit Card number), encryption itself is a separate cryptographic process. DLP is the "brain" that decides if the encryption needs to happen based on the data's movement. B. Access Control Access control (like RBAC or MAC) determines who can see or modify a file while it sits on a server. - The Distinction: Access control is generally "internal." DLP is focused on what happens when an authorized user tries to move that data outside of the protected environment (e.g., uploading it to personal cloud storage or copying it to a USB drive). C. Monitoring Monitoring is a broad activity that happens across all security domains. - The Distinction: While DLP certainly monitors data, "Monitoring" is too generic an answer. DLP's primary functional value is its ability to intervene and block unauthorized transfers, not just watch them happen. D. Traffic Filtering / Content Inspection This is the core of DLP. It inspects the content of data packets or files to see if they match specific "sensitive" patterns. - The Mechanism: DLP uses techniques like Pattern Matching (looking for 16-digit numbers that look like credit cards), Keywords, and Document Fingerprinting (recognizing a specific sensitive form). - The Three States of DLP: 1. Data at Rest: Scanning file shares and databases for sensitive info. 2. Data in Transit (Network DLP): Monitoring email, web traffic, and FTP. 3. Data in Use (Endpoint DLP): Monitoring clipboards, printers, and USB ports.