How to balance Information Security with Information Accessibility.

We all use information to live our lives. Whether it’s renting a flat, booking a holiday or selecting the ripest avocado at the supermarket – all our decisions are based on data, conscious or not.

This naturally extends to our professional lives, where information is, in an ideal world, plentiful. In a professional context, our increased need for rationality leads us to look for the most direct paths to justify our positions, and usually this means finding some data to support a plan of action. This data-centered approach is fundamental to Aiimi’s philosophy and underpins the strategies we plan for ourselves and recommend to our clients. I’d say we can distill rational decision making into four ‘pillars’:

1. The availability of information
2. The quality of this information
3. The ability of an operator to interpret and use the information
4. The effectiveness of communicating the conclusion

This blog post is principally concerned with the first of these pillars - availability of information. Without a foundation of available data that can be accessed quickly and conveniently, all subsequent processes just can’t function.

How is information discovered in a business, and how is it concealed? How can enterprise search be used to hunt for not just information that’s obvious, but also the information that is most useful? And how can we discover that a gap between those datasets – what is obvious and immediately accessible, and what is most useful – exists?

How data goes missing

There are many common business procedures that, while helpful for some processes, tend to make data less accessible.

These processes often stand in stark contrast to the ‘age of information’ in which we now operate, where Data Is King and information is a valuable commodity. One example is increased use of information silos, which is a big cause of information loss.

Let’s say Team 1 has some data which they’ve either sourced or produced themselves, or have engineered in such a way to produce insight that helps them out. Meanwhile, Team 2 are working on a project for which this data would be hugely valuable, but they’re entirely unaware of its existence. This creates two resource pitfalls - Team 2 either proceeds without the data and reaches a less valuable or justified conclusion than they would have done if they’d been able to use Team 1’s information, or they waste time and energy reproducing the information that Team 1 have already compiled.

But Data reproduction is not the only barrier to effective information management.

At Aiimi, we decided to analyse the openness and accessibility of our own data across our repositories using InsightMaker. After all, our clients trust us to make recommendations to help them manage their information in the best way for their employees, so why should we be exempt from our own process?

This analysis revealed the true largest barrier to accessing information: our own security practices.

There’s a basic principle of modern information security which is well-known to anyone with a government or intelligence background: respecting ‘Need-To-Know’. If someone doesn’t have an identifiable need to access something, they probably shouldn’t be able to. Of course, this doesn’t apply to everyday documents intended for employees, like workplace policies, but how often is this disseminated in the correct manner?

The documents that often fall through the cracks of the permission-setting process are those which are initially created with a handful of specific collaborators in mind, but which could actually prove very useful to other colleagues in the future.

This type of foresight is what is failed by the Need-To-Know approach. Think about how the marketing collateral produced by a salesperson could be useful to a consultant on a pre-sales engagement in six months’ time, as an example.

How we store and access documents

So, back to the analysis of Aiimi repositories using InsightMaker which I mentioned earlier. The results of these internal file visibility tests were striking.

Across the last six months of InsightMaker searches by Aiimi employees, we found that, if existing file access permissions were to be disregarded:

• 58% of searches would’ve had a different top result.
• 87% of searches would’ve contained a new result on page 1.
• 14% of searches would’ve had an entirely new result set on page 1.

This shows an astonishing volume of “hidden” data returned by our search ranking algorithm.

Of course, information security and access permissions could never be entirely ignored in an organisation - many documents are necessarily locked away from most users for legitimate data privacy reasons. However, we found that these were not the documents that our teams were searching for internally.

Most search queries were seeking one of a few different document types:

• Design assets, such as document templates
• Marketing collateral used for previous pitches, conferences or hackathons
• Sales documents used for customer engagements

In virtually all contexts, the target information was not confidential at all – its existence was likely already known to the searcher and the file was simply stored on a personal OneDrive without open access permissions. We found that the most common locations of the “hidden” documents and files appearing in the top results corroborated this hypothesis.

Our analysis also highlighted another aspect of information discovery – how users interact with their myriad data repository options.

Modern employees tend to be pretty able and willing to adopt cloud storage options to facilitate information sharing, but this has its limitations. Documents are still frequently emailed to a single recipient when what we should be asking ourselves is: Could this be useful to others, and should it therefore be stored on a common repository such as SharePoint?

I’m no UX expert, but it’s possible that the Windows Explorer integration of Microsoft OneDrive predisposes us to storing documents in personal areas, when they could be better saved to a team SharePoint site.

How to find more and re-create less

In response to more progressive attitudes toward data management, we’re now seeing the emergence of the Data Steward. This role exists in many organisations to facilitate information sharing across lots of disparate teams. This goes a long way toward mitigating the issues discussed previously, as it makes knowledge exchange the primary focus of an individual or team.

The crucial next frontier in the journey towards making more information accessible to all is putting the right tools into data stewards’ hands. When a search goes right, great. When a search is unsuccessful, we want administrators of data sources to know about it.

The R&D team at Aiimi (known as Aiimi Labs) are actively working on effective ways to surface and manage alerts about when users appear to be searching for something they don’t have access to. In most cases at Aiimi, we’ve seen that there’s no reason why they shouldn’t be able to find and access what they’re looking for.

If there's one thing this analysis has highlighted, it's that security needs to work in concert with information accessibility. We have to allow people access to the information they need to do their job, so we can all work safer, easier and happier.

While you’re here, take a look at how InsightMaker can help you discover, manage and govern your organisation’s information.