SharePoint and Information Security

An interesting survey on SharePoint security was recently published by Cryptozone. The results are evidence of the need for, and importance of, information management governance and proper, upfront design of information systems. It appears that in most organizations the responsibility for assigning access rights to SharePoint documents still belongs to IT administrators, as indicated by 69% of respondents. At least this segment of users knew who was in charge, in contrast to the 22% who did not even know who managed it. The problem with ceding responsibility for content protection entirely to IT is that IT's primary focus is on maintaining and configuring the technical infrastructure, with limited knowledge and understanding of the content and its specific protection needs. IT cannot and should not make decisions on how a particular type of information should be protected, and who should have access to it.

So who should be responsible for making such decisions? The answer seems intuitive – the business – but 43% of respondents said that they do not trust document authors to control who should read their documents. This would indicate that most users have low levels of awareness and understanding of security needs. This seems to be confirmed by another set of responses, which indicated that over 45% of users did copy sensitive and confidential information to unprotected USB memory sticks and emails. 55% of these respondents claimed that the reason was the need to send necessary information to users without access to SharePoint, with a further 43% needing it for working at home. Over 30% of users were more concerned about getting the work done than about security, and another 47% did not even think about security or did not care.

One of the factors contributing to documents being taken out of SharePoint’s control was the need to share them with third parties – over 56% of respondents said that their organizations did not have external portals to help with collaboration outside the organization.

The bottom line is that this exposes organizations to risks, including legal risks and intellectual property theft. The proper solution is therefore to give some thought, before SharePoint is rolled out, to how information is going to flow across the organization, how it is going to be accessed, how users will be segmented by their needs and how it is going to be protected. This should lead to the development of information management governance that clearly describes roles and responsibilities across the organization and how information should be distributed and protected. Lastly, the most important step is to make users aware of security needs, training them on the policies and periodically reinforcing this knowledge.

Lost cause in records management – convenience copies

I found some interesting facts in a recent poll by AIIM, “Records Management Strategies – plotting the changes”. As many as 48% of respondents said that although they were concerned about leaving convenience copies of disposed records at the end of their retention period, they did not have a solution in place to address it. It sounds like a paradox: on the one hand organizations spend millions to implement enterprise content management systems, and on the other hand they leave on the table the key benefits of implementing such systems and processes. In another, related question, respondents said that their strongest business drivers for ECM were compliance with legislation and industry regulations (45% and 35%), reduction of storage costs (42%), sharing of knowledge (36%) and improvement of litigation performance and reduction of associated costs (35%). When convenience copies are left unattended, none of the above drivers is addressed, and organizations are often deluded into believing that they have achieved their key objectives. Even if the ‘official records’ are disposed of, the organizations are still not compliant with laws and regulations, storage costs are not reduced, eDiscovery costs will be high as all information will have to be searched, and business decisions will often be based on outdated information. The missing last step in the implementation of the information management strategy undermines the organizational efforts. This might not be surprising, as over 35% of respondents cited lack of board/C-level commitment and lack of cross-departmental agreement on how to manage electronic records as the key obstacle to implementing information management strategies.

The lesson learned is that groups responsible for implementing information management within organizations need to work continuously on marketing ECM and building strong business cases based on hard, measurable benefits. Even when this is done, there must be an ongoing effort after the implementation to accurately monitor the key performance indicators and success criteria. The outputs of these measurements should reinforce the marketing messages, helping to get the required support.

Transition – Data, Information, Knowledge, Wisdom

I looked at the relationship between the concepts of Data, Information, Knowledge and Wisdom in one of my previous posts. At the time, however, I was looking from a slightly different perspective. In this post I focus more on the factors that influence the transition of collected raw data into a totally abstract entity such as wisdom.

| Concept | Definition | Factors contributing to transition | Abstraction Level |
|---|---|---|---|
| Data | Simplest representation of facts such as numbers, characters, graphics, images, sound and video. Initially in ‘raw’ format, needs to be further processed to gain meaning. | Associated metadata is required to add context, describing business understanding, format, date/time, importance and others. | Low |
| Information | Processed collection of data, with associated metadata describing the context. There might be various metadata dimensions allowing creating new information and its meaning based on different aggregations of facts. It is Data in a context. | Identification of trends, patterns, relationships and assumption. | Medium |
| Knowledge | Awareness, understanding, familiarity, recognition of situational patterns and trends, based on synthesis of collected information that could be used to achieve a business purpose. It is Information in a perspective. | Acquiring of skills through experience or education. It includes perception, learning, communication, association and reasoning. | Medium High |
| Wisdom | Making the best use of knowledge, acting with appropriate judgement in complex and dynamic environments, that actually achieves business purpose. Directly related to maturity but not related to how long the organization is in business. It is applied knowledge. | | High |


Graphically, this could be presented in the form of a pyramid, with increasing maturity and abstraction level.


As the abstraction level increases, the concepts become much more difficult to define and describe. For example, Wisdom, in contrast to Data, becomes a more philosophical idea. The higher the level of abstraction, the fewer organizations can be found utilizing the concept. This is not surprising, given the direct relationship with maturity levels. However, this is the critical factor that differentiates winners from the rest. Most organizations focus their resources on achieving immediate tactical goals. This works well in the short term, but as we can usually see, such organizations survive only in a friendly business environment. As soon as market trends change, such organizations are endangered by takeovers or breakups. Only a few are able to make such a transition, although I don’t think that there are any that have fully achieved the Wisdom level. Information management does not contribute directly to the products or services that organizations sell, but like a nervous system in an organism, it is critical to utilizing the available resources to their full potential. The better the distribution, sharing and collaboration, the better the odds of winning with innovative products, and of survival.