Please “KISS” in Information Leak Prevention

Einstein led us to have a taste of the simple beauty of the physical world; Steve Jobs was showing us the extraordinary minimalist design. At most of time, only simplicity can reach the essence of things. There is a very important principle in enterprise management-”Keep It Simple, Stupid”, because only simplicity can be accepted by majority and be more widely implemented. Enterprise information leak prevention often make people feel complicated and have no thread, which makes it need KISS principle.

So how to apply the KISS principle to corporate information leak prevention? In current enterprise information leakage protection projects, three aspects that most need simplification are security systems architecture, information using environment and security regulation.

1. Keep the system simple to realize easy operation.

If the security mechanism of enterprises is too cumbersome, employees will find any ways to circumvent them. For a suit of information leak protection system, no matter how powerful it is, it will be invalid if no one uses it.

Some companies will chose a system that stacks different brands of security systems together when purchasing the information leakage protection system. In fact, due to need to run multiple systems, administrators must log in multiple accounts, set policy on multiple platforms, and query data, which make the management more difficult. Coupled with compatibility and other issues, the company’s overall anti-phishing systems become more complex and practicability therefore becomes weaker.

2. Keep the environment clean so as to achieve an orderly control.

If compare a business to a planet, the information are lives on the planet, and the information ecological environment of the enterprise is very poor. For example, randomly placing important files, crossly using various U disks, randomly installation of various software, freely to modify the configuration of your computer, such kind of phenomenon that will harm information abound, which potentially increase the chance of data leakage. Meanwhile this chaotic environment will virtually give employees an expression that “company doesn’t attach importance to information leakage protection”, and gradually eroded employees’ security awareness.

Therefore enterprise information leak prevention can start from information using environment specification, such as to unify the registration and management of mobile storage device to ensure that admin can trace back to the owners of each device, every device usage has its operational records; such as to unify the applications installation and network configuration of external computers via desktop standardization. Clean information using environment can not only improve the enterprise anti- leak coefficient, improve safety awareness of users, but also help to shape corporate professional and trustworthy image.

3. Keep the system simple so as to achieve clear and feasibility.

At the mention of information security system, many people may come to mind is something out of a thick manual and the like, tedious, boring, soporific. Such kind of a system, although it takes a great deal of efforts, but few people like it.

Information security system should not be cold warning or even command, but a humanized communication between enterprise and users. Therefore, companies should take a variety of forms to communicate with employees, and with a reasonable incentive so as to achieve good results.

You may face core assets loss and heavy pressure from market, partners and the public if you don’t prevent information leakage; while you may feel difficult to promote, implement if you decide to prevent the information leakage. Those enterprises that worrying about information leak prevention project had better “KISS”!

For more information about data security and enterprise data leak prevention, please visit: Kakasoft.