Paul Stuttard, director, Duxbury Networking.
Data loss prevention (DLP) has traditionally focused on protecting sensitive information within the corporate network perimeter. However, this model no longer reflects how modern organisations operate.
Today, data is constantly moving between different cloud services, SaaS (software-as-a-service) platforms, remote devices and web-based applications, making the browser a central workspace for many employees.
As a result, the protection of confidential data is becoming more complex and less tied to a single control point.
The Gartner research and advisory firm notes that organisations are increasingly relying on cloud services to support their remote workforces, leading to the dissolution of traditional network perimeters and forcing a rethink of how DLP is applied.
DLP systems that rely on traditional patterns or keywords to identify sensitive data are still applicable in certain situations, but they typically involve static rules.
Consequently, organisations often struggle with context, blocking legitimate activities while failing to detect less obvious risks. Furthermore, DLP challenges rarely stem from a single issue, instead arising from a combination of technical limitations, human behaviour and rapidly-evolving digital environments.
As a result, DLP strategies are gravitating towards a more context-aware approach. Rather than focusing exclusively on data content, organisations are increasingly analysing how information is accessed, shared and transferred.
To determine whether an action represents normal business activity or a potential data leak, factors such as user identity, device type, location and data destination have become essential.
This complexity is further amplified by today’s distributed IT environments. Data is now accessible from on-premises systems, cloud services, SaaS applications and remote endpoints, and is constantly transmitted between them − often bypassing traditional DLP controls.
The protection of confidential data is becoming more complex and less tied to a single control point.
This, in turn, makes the configuration of DLP policies a persistent challenge. Critical information can be exposed in less restrictive environments, while overly strict rules risk hindering productivity. Achieving the right balance requires ongoing refinement and a deep understanding of real-world usage patterns and shifting risk profiles.
In short, static policies are no longer adequate in environments where both risks and workflows evolve rapidly.
Human behaviour also remains a significant factor in data loss incidents. Breaches are often caused by seemingly minor errors, such as sending information to the wrong recipient, storing sensitive data in unsecured locations, or using vulnerable devices.
US-based telecommunications company Verizon confirms that “the majority of data breaches involve a human element, including errors, misuse or social engineering”.
However, education alone cannot address the scale of the problem. Modern work environments − characterised by hybrid work, remote access and heavy reliance on cloud applications − create numerous pathways for data to leave an organisation.
Against this backdrop of both technical and human risk, the industry is increasingly turning to enterprise browsers as a key component of contemporary DLP strategies.
Enterprise browsers offer several advantages. They provide granular control over data flows within the browser session, ensuring secure access to applications while enforcing policies in real-time.
Unlike legacy DLP approaches that rely on heavy endpoint agents, enterprise browsers monitor user activity directly within the web environment and can control actions such as uploading, downloading, screen capture and copy-paste functions.
In this model, the browser becomes both the primary platform for business applications and a centralised control point for data protection.
By embedding DLP controls directly into the browser, organisations can manage risk at the point where data is actually used, gaining valuable visibility into how sensitive information is accessed and handled.
This approach enables more effective policy enforcement. Users can be prevented from copying confidential data into external websites, uploading files to unauthorised cloud services, or transferring sensitive information to unprotected devices. Because these controls operate in real-time, they reduce reliance on retrospective detection and after-the-fact responses.
A key benefit of these advanced DLP implementations is the ability to combine browser-level visibility with identity and behavioural analytics, enabling adaptive, context-sensitive policies.
For example, an employee using a secure, managed device in a trusted environment may be granted broader access than someone connecting from a personal device or an unsecured network. This flexibility helps maintain productivity while reducing unnecessary friction.
Continuous monitoring is also essential. As organisations adopt new tools and expand their digital ecosystems, data flows and risk profiles evolve. DLP strategies therefore require regular policy reviews and updates to remain effective over time.
The shift towards cloud-based, browser-centric work has underscored the need for data protection at the point of use. Enterprise browsers address this challenge by enabling context-aware DLP and continuous monitoring within the environments where work actually takes place.
This view is reinforced by Konika Dhull, a respected US-based product and data analyst, who notes: “As the DLP landscape continues to evolve, one thing is certain: browser-native DLP is essential for modern work environments.
“Traditional endpoint DLP may protect data on managed devices, but enterprise browsers provide the browser-level data protection that enables comprehensive data protection in SaaS workflows, cloud collaboration tools and unmanaged device scenarios.”
