It seems an insane irony that amid the more than $60 billion dollars we spend annually around the world on information security, we routinely fail to secure some of the most mission-critical information from a totally obvious risk.
In a state of near-paranoia we burn endless calories quite rightly protecting our information from outside attack - anything from industrial espionage to cyber crime - and yet everyday some of our most important information literally just walks out the door and we do nothing but watch. Moreover, even if important documents don't leave the building or the network we either throw them away or just lose them. Much of this critical data we don't even understand and can't find when we need it.
This isn't a new problem. Take this paper from the Harvard Business School by Anne Field for instance. The paper is from 2003 but it tells of a perfect example from 1994 where a large consumer electronics business lost $1 billion because of lost information badly locked down internally.
"When employees leave, they take vital knowledge with them. Without a process in place to capture that knowledge and transfer it to their successors, it winds up lost forever. As a result, those who follow them in the job take a longer time to get up to speed, important discoveries and insights disappear, and the company's ability to act quickly and intelligently is crippled," says Field.
It is a massive problem and one that is bigger today than it has ever been, in part because of the ease with which employees can remove company information with USB drives and BYOD. But equally, the problem is exacerbated by how so much important information resides in an unstructured form in email rather than drives and filing systems.
Employees don't even think it is wrong to effectively steal a company's information, much less take it to a competitor, as this shocking Symantec report proves:
"Half of employees who left or lost their jobs in the past 12 months kept confidential corporate data, and 40 percent plan to use it in their new jobs," says the report.
In the days of paper-based offices, before computers, filing used to be a rigid discipline, obsessively adhered to. Accessible by everyone - with some exceptions - information was religiously stored, categorised and made available in neat order. It was a full-time job for a great number of office workers for whom "Filing" was a key skill featuring prominently on their resume. Today's equivalent - in paper-based analogy - is each employee owning a massive pile of random papers which they set fire to when they leave, or photocopy and take with them to a competitor. Despite all this information technology, in many ways we have gone backwards.
But, moreover, the categories we have always managed information with have not been helpful: alphabetical, departmental or owner-based. What most employees do - as Bertrand Duperrin pointed out some years ago when ESNs weren't as sophisticated as they are today - is connect the dots laterally:
"Employees spend more attention connecting pieces of information together than solving problems. The shift from a tool-centric to a case-centric environment is necessary," said Duperrin.
The problem may be old, but there is a new solution. The key knowledge that links all this information together is not stored on an employee's hard drive or Random Access Memory, but in their actual memory...in their brain. Only Enterprise Social Networks do a good job of capturing that - as Duperrin envisaged in a different blog post, again before ESNs reached the sophistication they have today:
"Let's think "social" as a functional layer that creates links between tools that are social by nature and the others. That ties structured and unstructured things. That brings people and information together in the context of a business case," says Duperrin.
So the security issue is secondary to a far greater one. Context is so important but email will often fail to capture it. Email collects information in disjointed conversations that are generally relayed in reverse chronological order, seldom complete and rarely linear. ESNs store information in a way that is searchable, project-or-case-based, linear, chronological and contextual - and in a way that is hard to steal and endures long after an employee has left the company.
This is the mission of the ESN, among other things: To capture not only the information and the conversation around it, but to make the context of it patently obvious at a quick glance. Therefore ESNs solves the Harvard problem that Anne Field identifies by highlighting discoveries and insights, and greatly enhancing the company's ability to act quickly and intelligently.
What experiences have you had where this problem is managed well? Let me know in the comments box, I'd be interested to learn more...