Enterprise Collaboration: Six Steps to Secure Sharing

By Oscar Berg (@oscarberg) Nov 7, 2011

Andrew Carnegie believed that the only irreplaceable capital an organization possesses is the knowledge and ability of its people, and that the productivity of that capital depends on how effectively people share their competence with those who can use it. If this was true a hundred years ago, it must be even truer today as organizations face an increasing pace of change and are becoming more knowledge-intense, relying on a core of highly collaborative and specialized knowledge workers who are geographically dispersed.

Today, the only feasible way for employees to share their competence efficiently with their colleagues is often to share it with digital means. This applies not only to competence but also ideas, experiences and any information we need to make the right decisions Although there are many ways to share information digitally in efficient and effective ways today, as is proved daily on the social web, many of the new technologies and practices have remained fairly unexploited. This suggests that many organizations are still ignorant about the importance of sharing and its impact on their performance.

When Sharing is Hard People Find Workarounds

When it is hard to share information, people are less likely to do so. Many ask themselves why they should make the extra effort required to share their information if they don't see a clear personal benefit. When it is hard to share information, people also tend to find workarounds that make the effort as low as possible when they really need to share something. That’s typically why people are sharing confidential information via email, USB sticks and external web services, or why they keep such information in places where it is easily accessible but not very secure.

A common reaction to this from IT departments is to do what they can to make people stop using these workarounds. Few take the opposite approach; trying to make secure sharing easy. This is rather strange, especially considering that sharing information is essentially about enabling better decision-making. When you have timely access to all the information you need, you also have the ammunition to make the right decisions at the right point in time. Sharing must of course be done in a secure way, but never so secure that sharing doesn’t take place or that people find themselves forced to revert to less secure ways of sharing. So why isn’t sharing made easier? Why aren’t our digital work environments more open and transparent than they are?

We Underestimate the Risks of Closed Systems

I believe the reason for this can be found in David Weinberger’s live blogging notes from a conference session in 2008 where he quotes James Boyle, chairman of Creative Commons and professor of law at Duke:

We have patterns of behavior that economic theory does not predict. We are risk averse. For example, it makes no sense to buy a warranty; we buy them out of an absurd sense that buying the warranty affects the device’s outcome. There is another kind of bias that we wouldn’t predict from economic theory: A systematic bias against openness. We don’t expect openness and collaboration to generate what they do. We overestimate the risks. We underestimate the risks of closed systems and overestimate closed systems’ benefits.

Yes, we are risk averse. The problem is that we fail to see or acknowledge the risks which are associated with not being open and sharing, such as bad decision making, sub-optimization, redundant work and low levels of reuse. Lack of openness and transparency inevitably also leads to trust failure, which means that people share and collaborate less. Organizations become less productive, less innovative and less capable to adapt to changing conditions.

Design Systems to Be Open by Default and Then Work with the Culture

When the information systems we use are designed based on the "need to know"-paradigm it is difficult to make people adopt a "need to share" mindset. That is why information systems should be designed to be open by default. Everything should be made accessible unless there is a very good reason not to. Although there need to be easy ways to restrict access if needed, openness should the normal and secrecy the exception. Protecting something, at least within the organization, should require a motivated decision and an active effort to set the proper protection. If something is worth protecting, it should also be worth the effort of actively protecting it.