Web Analytics

FireOak Strategies Blog

Insights and articles related to knowledge management, information security, technology, data and analytics, business process automation, platform management, and other related topics, from our experienced team of consultants.

< Back to FireOak Blog

Balancing Security and Sharing

For most organizations, it can be a challenge to balance the need to protect and secure data with the need to promote internal knowledge sharing. But it doesn’t have to be the case.

, , ,

Abby Clobridge is the founder of FireOak Strategies. She works with organizations around the world to support knowledge sharing -- including open access, open data, information security -- to connect people to the data, information, and knowledge they need. You can reach Abby at [email protected]


balancing security and sharing

Many organizations have a hard time finding the balance between security and sharing. But it doesn’t have to be the case.

In the corporate sector, we often see companies take a “lock it down” approach, making it tough for staff to share data, information, and knowledge with each other — even if it is critical for their day-to-day work. Collaboration can be a challenge, and staff begin to find creative workarounds to accomplish their tasks. The result is that digital assets begin to leak out into unauthorized platforms, and the security team is constantly fighting battles against unauthorized software and third party cloud services that are being used by employees and partners to circumvent the information security policies.

In the non-profit sector, we frequently see the opposite side of the spectrum. C-level execs don’t always see the value of security for their organizations (“it’s just not a priority”), and attitudes towards security are lax, ostensibly in favor of sharing. But even then, it quickly becomes impossible for staff to find organizational materials as content is stored in a variety of cloud platforms, few, if any, are institutionally-managed. In these instances, common pain points from staff include “we can’t find anything,” “you have to know who to ask,” and “we waste a lot of time hunting for information.”
Information Security isn’t only about locking stuff down — it is about putting appropriate measures in place to protect digital assets. A good information security program should be designed around the three core principles of confidentiality, integrity, and availability — all of which align with knowledge management.

At FireOak, we strongly believe that sharing and security go hand-in-hand — it isn’t an “either/or” proposition. The goal of a good security program should be to protect the confidentiality, integrity, and availability of an organization’s data and systems, while doing so in a way that doesn’t impede an organization’s ability to fulfill its mission or meet the needs of stakeholders.

Through appropriate governance, policies, technical infrastructure, and processes, your organization can strike the right balance between the two, regardless of whether you’re working in a highly-confidential research & development environment or at an organization with a strong emphasis on publicly sharing research outputs. Design your security program — and implement information security tactics — based on your knowledge management goals, not the other way around. Doing so will make it possible to ensure that your organizational information and data is accessible, usable, findable, and discoverable — by the people who need it, when they need it, and how they need to access it.

FireOak Strategies: we approach information security from a knowledge management perspective.

FireOak Strategies is a boutique consulting firm that helps organizations manage, secure, and share their knowledge. We bring clarity to complexity, look for elegant and simple solutions, and make sure that organizations are focused on solving the right problems. Learn more…

Manage, secure, and share your organizational knowledge


Browse articles by topic:


Read more articles:

More from the FireOak team about managing, securing, and sharing knowledge