Cloudflare DLP

Cloudflare DLP is a system designed to detect and prevent the unauthorized transfer of sensitive data. It inspects web, SaaS, private application, email, and AI platform communications. The system operates within a Zero Trust security model, aiming to meet regulatory compliance and protect intellectual property while maintaining user productivity. Key functionalities include automated, context-aware inspection of encrypted web traffic and outbound emails. It enforces data transfer policies through inline methods (SSE/SWG) and out-of-band methods (CASB). The system can scan AI prompts and identify risks in SaaS file sharing. Detection capabilities leverage Machine Learning for context analysis, Optical Character Recognition (OCR) for images, and document fingerprinting. Cloudflare DLP supports pre-built and custom data profiles, including standard categories like PII and PHI, as well as custom profiles for proprietary information. It features Exact Data Match (EDM) for precise record identification and integrates with Microsoft Purview to utilize existing sensitivity labels. Management is centralized, offering a unified dashboard for logging, forensics, and policy configuration across different environments. It is acquired as a "full-featured" add-on to Cloudflare One's Contract Plan, the company's SASE solution.