Keeping Organizational Knowledge within the Organization

How do you keep sensitive information private? Ask most people that question, and the answers will involve passwords, encryption, firewalls, and the like. To be sure, these are all useful tools for helping to prevent unauthorized access to information.

Why companies are shifting to Q&A as the new format for knowledge management. Download now (pdf)

Yet there is another, often overlooked gap within information management strategies that can easily cause sensitive information to leak outside of an organization: The risk that poor knowledge-management practices will encourage your users to leak sensitive information to third-party environments—not because the users are malicious, but because they can't find what they need internally, and they turn to the outside world as a result.

That's a threat that no amount of encryption or access control can completely mitigate. This is why designing a knowledge management system that keeps private information within your organization is critical.

How sensitive information can escape your organization

To illustrate the problem, let me share a personal anecdote.

Once upon a time, back in my student days, I was trying to figure out how to connect my Ubuntu PC to the university’s VPN. Since my university’s official documentation pages didn’t include information about VPNs and Linux, I turned to Google. Lo and behold, I found a third-party website that explained how to connect to my particular university’s VPN from Ubuntu. The page had apparently been created by another (anonymous) Linux-loving student who had faced the same dilemma as me and wanted to share the solution with others.

I was grateful to whoever had taken the time to create that site. But he or she had made one small but potentially significant oversight: The VPN configuration instructions included a plain-text username and password within a sample configuration file that would have allowed anyone to connect to the VPN using the author’s account credentials.

It’s entirely possible that the username and password I found in the VPN configuration were not real (although they looked genuine). The author may just have included them as examples. I never tried logging into anything with them, so I don't know.

Still, this anecdote drives home an important point about knowledge management within an organization: When users can't find what they are looking for inside your organization and turn to outside resources to share and access knowledge, your data security is at risk due to data seepage.

This isn't an unusual scenario. Similar things can happen when a developer can't find the documentation she needs internally, and turns to an Internet forum, where she might accidentally paste some code that contains sensitive data. Or employees could form private instant-messaging groups on third-party platforms where they discuss work-related information, which is not a very secure thing to do (because someone else controls the chat platforms). Organizing knowledge to protect organizational knowledge

Again, passwords, firewalls and other code-based solutions won't protect your organization from the types of leaks described above. You need instead to focus on processes and functionality to ensure that sensitive information about your organization remains within your organization.

The best way to do that is to provide your employees and other stakeholders who need access to organizational information with knowledge management tools that make it easy for information to flow within the organization. Those tools should be:

  • Flexible, so they can accommodate many different types of knowledge and different approaches to knowledge sharing.
  • Dynamic, to ensure that the information they contain is up-to-date (or is easy to update, if necessary).
  • Easily discoverable by any user who should be able to access them.
  • Interactive when necessary, so that users can ask questions or seek clarification from within the organization, instead of going outside it.

Protecting your knowledge management systems with firewalls and encryption will certainly help to keep sensitive information private, too. But that's only part of the battle. When you empower your users with knowledge management tools that make it easy for them to manage and access all of the knowledge they need within the organization, you put yourself in a much stronger position to prevent costly information leaks.

See how Stack Overflow for Teams can transform collaboration within your organization. Learn more

Login with your stackoverflow.com account to take part in the discussion.