Data Loss Prevention (DLP) starts at the risk tolerance of an organization. One thing everyone at Steven Zimmerman’s roundtable agreed upon is that implanting DLP is tough. Only a couple participants came from organizations with DLP fully implemented; the rest have preliminary measures in place, but they cannot fully block and prevent everything because of the differences that end up happening in a security environment, such as encrypting everything. As a result, IPS and DLP are blind to those types of protections, so security teams must specify their ingress/egress points and verify what is allowed to pass between those points. They should also make sure business-to-business communications are vetted, have controls in place, and have some manual interventions if possible. As for the amount of cloud products out there, enterprises will face different challenges depending on if they want to implement Infrastructure-as-a-Service or Platform-as-a-Service to hook back into their in-house DLP solutions. Finally, the group discussed how to secure data at rest. First, security teams can ensure data ownership. Second, they can undergo data cleanup and classification. Finally, they can employ user awareness, showing users how much data they actually send out and teaching them what secure really means.