Which technology is typically used for preventing data leakage on portable devices?

Endpoint DLP, or Data Loss Prevention, is specifically designed to protect sensitive information from being leaked or lost through portable devices such as laptops, USB drives, and mobile phones. It focuses on monitoring and controlling data transfers on these endpoints, ensuring that sensitive data does not leave the organization unintentionally.

This solution typically incorporates mechanisms like data labeling, encryption, and behavior analysis to enforce policies that prevent the unauthorized sharing or upload of sensitive data. By utilizing Endpoint DLP, organizations can effectively mitigate risks associated with data leakage on devices that employees frequently use outside of the secure premises.

In contrast, while network DLP is more focused on monitoring data moving across the network and trying to prevent data leaks that happen during transmission, it does not directly address the data residing on portable devices themselves. Data encryption secures data by making it unreadable without the proper decryption key, but it does not inherently prevent data from being copied or transferred. Access Control Lists are used to define permissions on resources but lack the specialized functionalities needed to monitor and control data specifically for preventing leakage on portable devices.