Enhancing Organizational Knowledge Sharing and Information Security

Case Studies

Enhancing Organizational Knowledge Sharing & Information Security

About this Client

Small nonprofit organization — approximately 50 FTEs.

Headquarters: Southeast Asia

Additional offices in several countries in Asia, Africa, and Latin America

Contacted FireOak to conduct a data and knowledge management assessment.

The Client's Situation

For many organizations, making information, data, and knowledge findable and discoverable is a daily struggle. Staff members waste lots of time hunting for information, trying to find answers to questions, confirming that they’re using the latest version of files, or combing through folders in shared drives to learn about what’s going on or see what information they might be missing.

These problems have become increasingly commonplace over the past decade, in part because of the proliferation of cloud platforms. The availability of many free and low-cost cloud platforms empowers employees to adopt these tools in an attempt to solve their own knowledge management issues. But this type of cloud platform sprawl leads to even more fragmentation, making it that much harder for staff to find, adopt, re-use, or build upon existing organizational knowledge.

One non-profit discovered that these challenges were frustrating staff to such a degree that it was starting to impact morale. Furthermore, senior leaders were concerned with the resulting waste of time and resources.

Staff were eager to take advantage of their colleagues’ and the organization’s collective knowledge and expertise, but finding, accessing, and discovering information and knowledge wasn’t possible with the systems and processes that were in place.

This particular organization was relatively small — approximately 50 FTEs — and spread out across multiple locations. They had a few people on staff who often answered technology-related questions, but no one was in a position to develop a strategy for how to best manage, secure, and protect information, data, and knowledge.

The breaking point for this organization was a series of security incidents. A key executive’s laptop was stolen, raising fears that confidential data was exposed. Other senior leaders experienced hard drive crashes and lost mission critical data because of cloud sync failures. And the entire organization was experiencing a high level of password fatigue. Most staff members were logging into a tremendous number of accounts on a regular basis — their desktop or laptop computer, email, timesheets, payroll, CRM, project management platforms, Dropbox, multiple online community platforms, accounts payable, and more.

The organization’s Chief Financial Officer (CFO) turned to FireOak Strategies to fully diagnose the situation and develop a plan to address these challenges in a meaningful, practical, and cost-efficient way. We were engaged to develop an information and knowledge management strategy and roadmap.

A New Perspective & New Insights

While many of the symptoms of information and knowledge management challenges manifest themselves in similar ways, the root causes are different for each organization. Organizational culture, staff members’ roles and responsibilities, internal processes, technology tools and infrastructure, and information/data governance all impact how organizations can manage, secure, and share information, data, and knowledge.

In order to make sure we’re solving the right problems, we need to first identify the root causes that are leading to today’s pain points, bottlenecks in knowledge flow, security gaps, or other problems. To get to this diagnosis, we always start with a discovery process.

In this case, we interviewed staff members, facilitated focus groups, reviewed documentation, and conducted a comprehensive evaluation of the current technology stack. We wanted to hear first-hand from staff about what was going on. But we also validated what we heard by analyzing documents such as organizational policies, technical diagrams, system logs, and procedures, and conducting a hands-on technical assessment of how key operational systems were configured.

Unlike most knowledge management assessments, our discovery process included a technical vulnerability assessment that addressed on-premises systems and a deep-dive into three core enterprise cloud platforms (Salesforce, Google, and Office 365).

The discovery process revealed a number of holistic issues within the knowledge lifecycle — i.e., the ways in which information, data, and knowledge were being created, captured, described, shared, and re-used. No single element of the technology stack or particular process was inherently flawed; rather, it was the sum of the parts that was leading to staff frustration, organizational inefficiencies, data loss, and other security-related problems.

Organizational culture played a big role too; staff were encouraged to find their own solutions to problems, which translated into a proliferation of shadow IT platforms where organizational data, information, and knowledge were stored.

A Unique Approach, Transformative Results

Staff members were generally aware of the day-to-day, operational challenges associated with having an unnecessarily high number of disconnected platforms — the number of passwords they must maintain, the inability to search across platforms, lack of access to platforms used by other departments, creating new accounts/buying new licenses for new staff, slow onboarding when new interns and staff join the organization, and so on.

But when we brought our findings to management, the leadership team was surprised to discover the extent to which these issues were leading to security issues and creating unnecessary risk for the organization. Issues that they had thought of as annoyances, such as needing to use separate accounts for every cloud platform, were causing measurable harm to the organization. For instance, staff were re-using the same passwords across dozens of sites, making it easy for attackers to gain access to staff accounts — and confidential organizational data — in Office 365.

Going above and beyond the initial ask is characteristic of our working style and part of our ongoing commitment to our clients. We often uncover information security issues during the discovery process that should be remediated immediately, not after our engagement ends. So we work closely with our clients to put out fires and solve critical problems as soon as we spot them.

Our recommendations and roadmap for moving forward included a prioritized, actionable, cost-effective plan for addressing information security gaps as well as practical ways in which they could make it easier for staff to find, manage, share, and re-use organizational information and knowledge. Several platforms that project teams and departments had adopted were being used for purposes that were available from within Office 365. As a result, we recommended eliminating several unnecessary platforms, leading to substantial savings for the organization.

Because of our work together, the organization was well-positioned to take the next steps to enhance how information and knowledge are managed, shared, and secured. Our strategy was designed to help the organization become more effective while also strengthening how information and data are protected. Our implementation roadmap included sequenced action items for addressing information security gaps, drafts of key information governance policies, and a playbook for change management.

About our clients

FireOak Strategies serves all types of clients, but we specialize in working with nonprofits, private sector companies, international organizations, and higher education.

Start the conversation

Reach out to schedule a time to talk. After we understand what you hope to accomplish and what problems you’re trying to solve, we’ll put together a custom proposal and work with you to get started on your consulting engagement.