Three-Dimensional Data Protection: Access, Visibility, and Control

Created on Nov 16 2016, 5:19 PM by Sunil Choudrie

Knowledge is power. Whether it’s your proprietary data, customer insights, or strategic plans, data is valuable and needs protection. The problem is large. In 2015, half a billion personal records were stolen or lost, according to the Symantec 2016 Internet Security Threat Report Vol. 21 (ISTR). 

What’s behind this risk? Our research shows both internal and external threats. Criminals have found that they can obtain your data by breaking into your systems or by targeting your staff who might be softer targets. If your staff use simple or default passwords, over-share data, or don’t follow security measures (such as removing redundant files from cloud services), they put your data at risk. And malicious insiders, such as disgruntled employees, may try to steal sensitive corporate data to further their career or to sabotage your company.

Data Protection is not just about data loss prevention, it’s also about protection and access control. The key questions revolve around how do we allow open access to everyone, while still ensuring sensitive data is properly controlled? And moreover, how do we do this correctly?

Symantec Information Protection

The objective is not to contain data, but instead place the right visibility, controls, and policies to ensure that data is useful and not over-exposed. There’s also the people element. Encouraging the right behavior is better for employee trust and security. Consider a member of your team that attaches a document to an email. If they accidentally attach the wrong file in their haste, it can lead to embarrassment at best or a PR disaster or worse. Ideally, you would want to intercept this email before it leaves the organization, but if this isn’t carefully managed you can block emails that you didn’t mean to. A better approach is to empower your staff. A well-timed alert could inform your staff member that the attachment contains sensitive data, and gives an opportunity for any mistakes to be corrected. This approach allows your staff to make the right decision in what might be complex circumstances, which both plays to their strengths and reinforces and builds a strong security culture.

Symantec Information Protection helps you identify critical data across all your files and emails using automated discovery and context-based classification. With Symantec, risk is reduced by ensuring you limit access to the right people. You limit the risk of data getting into the wrong hands by managing how it’s stored and the protection that surrounds it. You can easily apply policies to control access and usage―in the cloud, on mobile devices, or on the network—and protect and control data by establishing policies that apply across your entire network via a single point.

Symantec VIP, VIP Access Manager, Data Loss Prevention all work together to create an information protection platform. Symantec Information Protection covers three areas: Access, Visibility, and Control.

“Where are my data risks?”

To protect data, you first need to find it, classify it, and then ensure that it’s properly managed. The challenge here is identifying the highest risks to your data. With data volumes exploding (a five-fold increase in data is predicted between 2015 and 2020), and data formats becoming less structured (photographs of forms or whiteboards), the challenges will only grow. 

Symantec Information Protection helps you discover where your sensitive data is stored across your infrastructure. You’ll be able to monitor and protect sensitive data on mobile devices, on-premises, and in the cloud. And it’s all done through a unified policy framework to define data loss policies and to help you review and remediate incidents.

“Who is accessing my data?”

Passwords are the de facto standard, but bitter experience teaches us that too many users are inundated with them, resulting in the use of weak passwords, passwords being reused or even written down when they are too hard to remember. A recent study entitled Cyber Security Flaws in Working Practices discovered that 21 percent of workers write down their passwords. In another study, sixty-three percent of confirmed data breaches involved weak, default, or stolen passwords, according to the Verizon 2016 Data Breach Investigations Report. You need to strike the right balance—making it easy for the end-user to access systems while ensuring security without relying on written-down notes.

Poor password hygiene makes accounts vulnerable to takeover attacks. These attacks can be eliminated with the use of single-sign on and multi-factor authentication technologies, such as Symantec VIP and VIP access manager. Symantec Managed PKI service also provides simple to manage device certificates, enabling secure access from any device, anywhere, to any apps your users need. Symantec increases security because VIP password-less fingerprint authentication makes accessing all approved applications simple, without the user needing to remember multiple passwords for multiple applications. This enables your organization to determine what applications show up as an option for the user based on their role.

With Symantec VIP, VIP Access Manager, and Managed PKI Service, we offer single sign on with rock-solid authentication to protect all your cloud and on-premises apps.

“How do I better protect my data?”

Data Breaches have almost become a weekly, if not daily, occurrence. According to the ISTR, the number of publically disclosed data breaches has risen steadily over the last number of years to reach 318 in 2015. What about stolen laptops or USB thumb drives and data breaches? Breaches caused by stolen or lost devices are real threats organizations face. In fact, this type of data breach makes up 45 percent of healthcare industry data breaches, according to the Verizon 2015 Data Breach Investigation Report. And the cost? The Ponemon Institute found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million last year, but of course this is highly variable with costs escalating significantly depending on scope, scale, and nature of the breach.

Fortunately, you can take some measures to help protect your organization from data breaches. Symantec offers four broad ways to help.

  • Symantec Endpoint Encryption helps prevent breaches by protecting critical data sent by email, as well as with files shared on network drives and in the cloud.
  • Second, Symantec’s unified policy controls the flow of information everywhere it goes—in the cloud (with Office 365, Box, Gmail and others), on premise, and with mobile applications. We deliver powerful protection without added complexity.
  • Third, Symantec Data Loss Prevention (DLP) integrates with encryption to prevent accidental leaks through user error and secures devices against data loss or theft.  
  • The fourth area is that Symantec ensures you limit access to only trusted users and devices. Symantec VIP, VIP Access Manager, and Managed PKI Service offer rock-solid access control, reducing the risk and consequences of account takeovers.

In upcoming posts of this series, we'll take a closer look at specific features of Information Protection. 

  • Products
  • Identity Access Manager
  • Identity and Authentication Services
  • information protection
  • Data Loss Prevention
  • VIP (Validation ID Protection)
  • Products and Solutions
  • Managed PKI for SSL


  • 0

    Great article @Symantec!

    My team and I only package this for deployment through the SMP, so my knowledge of DLP is somewhat limited.  However, I'm trying to gain more security knowledge, so I will start looking into this a little more.

    I do know this...I have seen this product work like it should and it's awesome to be able to catch people in the act of doing unsecure things with this product.  :D

  • 0

    A half a billion personal records is a tremendous amount! I'm glad companies like Symantec are there to help people be protected from threats they don't even know exist. It's even better when all of the different products complement each other so greatly.

  • 0

    Great article, Great products!!!

    Looks like you've got all the bases covered Symantec.

    Pair this with DLP and SEP 14 WOW!!!!

    Definitely a force to be reckoned with.

    Total Access, Visibility & Control - Whoot Whoot 

  • 0

    Control and govern the access to sensitive data and information is rather important, we should clearly defined who should see the informaiton, where the information will be stored, how it should be transmitted, should it virus free and encrypted and how to reach it? the three dimention data protection, accss, visibility and control is to ensure the sensitive information is appropriately protected. good knowledge base article,

  • 0

    With more and more Data Breaches news appearing all over the world, we need to roll up our sleeves and prevent this from happening. Yes, human errors might be mostly be blamed, but there are ways we can manage this.

    Protection software. Use of encryption. Education.

    With this, we can reduce it with the help of Symantec and other vendors.

  • 0

    Most companies have no idea where what their crtical data and where it lies. What i do like is Symantec is there to help with their technical expertise but better yet the platform integration among multiple products is even more impressive.

  • 0

    Great blog post.  I like the 3 areas that you have highlighted here to better add security to a company.  More and more companies need to focus on Visibility, Control, and Access.

    Keep up the great work

  • 0

    Wow half a billion personal records is a huge amount! Shows how important it is to use companies such as Symantec to help protect from threats they might not even know about. With all these Data Breaches news appearing all over the world, we need to work to prevent this from happening, human errors not alwayse to blame. Another good article by symantec.

  • 0

    I am suprised than more companies dont think this deep into security.  A lot just think that they have these intrusion detectionsystems or great physical security that they are immune to data loss.


    Data loss from internal can be easier and much worse than an external breach.  Weak passwords and not using multi factor authentication for VPN or even sensitive file access is asking for trouble.

    DLP products like SYmantec are a neccesity in this day and age, with the threats coming from all sides we all need to be diligent in protecting our data at all costs.

    Great aArticle, Very informative to all levels of technical knowledge.

  • 0


    Great Blog..

    Pairing SEP, DLP and VIP is like protection at it's best. Your information is going nowhere.

    Yes, More and more companies need to focus on Visibility, Control, and Access.

2 pages