Security and Sharing: Balancing Knowledge Management (KM) with Information Security
Many organizations have a hard time finding the balance between security and sharing. But it doesn't have to be the case.
In the corporate sector, we often see companies take a "lock it down" approach, making it tough for staff to share data, information, and knowledge with each other -- even if it is critical for their day-to-day work. Collaboration can be a challenge, and staff begin to find creative workarounds to accomplish their tasks. The result is that digital assets begin to leak out into unauthorized platforms, and the security team is constantly fighting battles against unauthorized software and third-party cloud services that are being used by employees and partners to circumvent the information security policies.
In the non-profit sector, we frequently see the opposite side of the spectrum. C-level execs don't always see the value of security for their organizations ("it's just not a priority"), and attitudes towards security are lax, ostensibly in favor of sharing. But even then, it quickly becomes impossible for staff to find organizational materials as content is stored in a variety of cloud platforms, few, if any, of which are institutionally managed. In these instances, common pain points from staff include "we can't find anything," "you have to know who to ask," and "we waste a lot of time hunting for information."
Information Security isn't only about locking stuff down -- it is about putting appropriate measures in place to protect digital assets. A good information security program should be designed around the three core principles of confidentiality, integrity, and availability -- all of which align with knowledge management.
At FireOak, we strongly believe that sharing and security go hand-in-hand -- it isn't an "either/or" proposition. The goal of a good security program should be to protect the confidentiality, integrity, and availability of an organization's data and systems, while doing so in a way that doesn't impede an organization's ability to fulfill its mission or meet the needs of stakeholders.
Through appropriate governance, policies, technical infrastructure, and processes, your organization can strike the right balance between the two, regardless of whether you're working in a highly confidential research & development environment or at an organization with a strong emphasis on publicly sharing research outputs. Design your security program -- and implement information security tactics -- based on your knowledge management goals, not the other way around. Doing so will make it possible to ensure that your organizational information and data are accessible, usable, findable, and discoverable -- by the people who need them, when they need them, and how they need to access them.
FireOak Strategies: we approach information security from a knowledge management perspective.
About the Authors
Abby Clobridge is the founder of and lead consultant at FireOak Strategies, LLC. Eric Smith is FireOak's Chief Technologist. Abby, Eric, and the rest of the FireOak team are dedicated to putting the "information" back into "information security," and shifting the focus from technology to a more holistic (and realistic) view.