Securing knowledge assets: how safe is your knowledge?

MOST organizations are naive in their attempts to secure their most valuable resource: knowledge. It is an accepted fact that knowledge resources (assets and processes) are the most salient competitive weapons an organization possesses. Lose this knowledge (or misuse it) and you will find yourself out of business.

**********

WHILE AWARENESS OF knowledge management is budding, in our experience, the security dimension has received the least bit of exposure and debate. Why secure knowledge resources? We think there are three pivotal reasons.

First, today, there are very few factors that can differentiate competitive offerings of products and services. Consider the case of purchasing a computer See how to select a computer. . Today, we have numerous computer vendors from which to choose; most are price conscious and offer competitive offerings. Hence, what makes one individual pick an IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) and one a Dell?

All things being equal, we would argue that it is the belief in the perceived superiority of the organization's knowledge and innovative capabilities in the computer industry that makes the difference. Hence, if an organization were to lose this, their basis for existence would be lost and they would collapse.

Knowledge possessed by an organization helps in generating innovations, making changes to product and service offerings and outwitting competitors. An organization's knowledge resources must be rare in the marketplace, otherwise they will have limited value.

Consider the recent debate of the strategic value of information technology. As argued by Nicholas Carr (Does IT Matter?), information technology, in its generic sense, does not provide competitive advantages for an organization. The reason is simple--it is available to all in the marketplace and hence lacks a differentiating ability.

However, if an organization possess proprietary technology and can use it effectively, then you have a differentiating weapon. An organization's knowledge resources must be proprietary to the organization.

In order to keep it proprietary, we must secure it for unauthorized use, tampering tampering The adulteration of a thing. See Drug tampering. , acts of vandalism and even possible sabotage sabotage [Fr., sabot=wooden shoe; hence, to work clumsily], form of direct action by workers against employers through obstruction of work and/or lowering of plant efficiency. Methods range from peaceful slowing of production to destruction of property. .

Competitive intelligence activities are on the rise and will continue to rise exponentially ex·po·nen·tial
adj.
1. Of or relating to an exponent.

2. Mathematics
a. Containing, involving, or expressed as an exponent.

b. . Competitors are spending a great deal of resources trying to understand an organization's next moves, and competitors are fierce in their efforts to make their opponent's proprietary technology common knowledge in the marketplace. If they are successful in doing so, they will be able to extinguish Extinguish

Retire or pay off debt. the abnormal profits In economics supernormal profit, also called economic rent, abnormal profit or pure profit or excess profits, is a profit exceeding the normal profit. earned by the organization.

Take the case of Coca Cola Noun 1. Coca Cola - Coca Cola is a trademarked cola
Coke

cola, dope - carbonated drink flavored with extract from kola nuts (`dope' is a southernism in the United States) . The formula to make Coke is one of the most closely guarded trade secrets in the business world. Just imagine what would happen if this knowledge were made public? Coca Cola would lose the differentiating capability that helps them earn abnormal profits in comparison to its competitors.

In addition, with the current rise in alliances between organizations, the need for security of knowledge takes on increased prominence.

Organizations have accepted the fact that they must hone in on their core competencies A core competency is something that a firm can do well and that meets the following three conditions specified by Hamel and Prahalad (1990):

It provides customer benefits
It is hard for competitors to imitate
It can be leveraged widely to many products and markets.

, and forge alliances for securing their non-core needs.

Alliances call for sharing and relying on a business partner's knowledge. An organization must not only make sure that its internal controls and security protocols are apt, but must also ensure that security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising"
security are in place by business partners. As the old adage goes, you are only as good as your weakest link. An organization must know with certainty how its knowledge will be used by its business partner, where will it be stored and who will have access to it. Regardless of where the knowledge leak occurs--whether it be within the organization or at the business partner's location--the ramifications ramifications npl → Auswirkungen pl  from the leak could be disastrous.

Recently, we have seen an increased number of IT outsourcing agreements, especially those of an offshore nature. Technology sourcing agreements call for providing business partners with access to their critical resources--the knowledge of your business, the data and information on your constituents, and process methodologies.

These are prime opportunities for an organization to suffer serious knowledge breaches--unless they are sincere and holistic in their security protocols and implementation.

Also, the sophistication so·phis·ti·cate
v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates

v.tr.
1. To cause to become less natural, especially to make less naive and more worldly.

2. , ubiquity Ubiquity
See also Omnipresence.

Burma-Shave

their signs seen as “verses of the wayside throughout America.” [Am. Commerce and Folklore: Misc. and pervasive nature of technology can be a factor that compromises the knowledge security of an organization. Most use multiple devices for knowledge communications and sharing, and these can range from the office phone and email to use of personal digital assistants, laptop computers, personal computers and so on. This is complicated by the fact that we work and communicate in multiple environments; hence we use these devices in multiple settings.

For instance, we could use our laptop computer at our office to take advantage of the office communication network. Then over lunch we could go to the neighborhood cafe and use an open wireless connection. Then at home we can have a personal communication network that taps into a local Internet Service Provider Internet service provider (ISP)

Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. . The use of heterogeneous devices over heterogeneous environments Using hardware and system software from different vendors. Organizations often use computers, operating systems and databases from a variety of vendors. Contrast with homogeneous environment. makes the act of securing knowledge exponentially difficult, because an organization has a larger space of devices, gadgets, environments and systems to monitor and protect.

With the increase in hacking See hack and hacker. , spamming, spyware, worms, viruses and other nuisances that intercept, harm, sabotage and destroy electronic networks, knowledge communications over electronic networks are increasingly at risk. However, it is not only communication over electronic networks is that at risk.

Even if we are fully capable of securing communication mediums, we must still be concerned with the devices on which the data and information reside. For example, if an executive loses his laptop on which strategic knowledge documents of an organization are stored, it could be used by unscrupulous individuals to their advantage with ease.

Taken in aggregate, securing knowledge is important and a strategic imperative for organizations. However, securing knowledge is not any easy feat to accomplish. Organizations are still grappling with information security issues. Securing knowledge is more difficult, tedious and cumbersome than securing information.

Information, for all intents and purposes Adv. 1. for all intents and purposes - in every practical sense; "to all intents and purposes the case is closed"; "the rest are for all practical purposes useless"
for all practical purposes, to all intents and purposes , is a product for particulars, financial records, et cetera ET CETERA. A Latin phrase, which has been adopted into English; it signifies. "and the others, and so of the rest," it is commonly abbreviated, &c.
     2. Formerly the pleader was required to be very particular in making his defence. (q.v. . Due to its nature as a product, securing it calls for ensuring that information is tagged, stored in a secured location, accessed by authorized personnel and transmitted over secure communication lines to designated recipients. These activities are no different than what would be required to secure any kind of raw material or product.

But knowledge is more than a product. Knowledge is fluid, dynamic and more mobile than information. Unlike information, knowledge is not easy to capture. Knowledge resides in the minds of the employees, is embedded Inserted into. See embedded system. in work processes and is captured in product and service offerings.

Moreover, unlike information, knowledge is in a continuous state of flux Noun 1. state of flux - a state of uncertainty about what should be done (usually following some important event) preceding the establishment of a new direction of action; "the flux following the death of the emperor"
flux . Knowledge changes its state as it is exchanged between individuals and entities; knowledge is represented in actions. Knowledge about customer behavior comes from the insights one receives from the analysis of customer purchasing behavior (information), and also based on the context, experiences and know-how applied to that information. If two individuals are presented with the same customer information, they will each draw different insights. If the two engage in a dialogue, their knowledge about customer behavior will change further. Due to its evolving nature, knowledge is difficult to pin down and capture.

So how do you get started on securing your organizational knowledge? We offer steps to get you started.

First, conduct an organizational knowledge audit. You must identify and value before you can begin to secure. The knowledge audit must be systematic and holistic. Key issues in conducting a knowledge audit include: the identification of knowledge assets; the identification of knowledge assets creators, owners, hoarders, distributors and users; the valuing of knowledge assets; assessing threats to these knowledge assets and the personnel interaction with the assets; and assessing the implications of knowledge assets to the competencies and competitive advantages of the organization.

Once knowledge assets are identified, we must understand the governing dynamics of how they are used. This will call for conducting a thorough analysis of the various organizational actors than interact with the given knowledge asset. Valuation of knowledge assets is a difficult yet salient task. While all organizational knowledge is valuable, we must ask: Is the knowledge asset in question rare? Is it nonsubstitutable? Can our competitors imitate im·i·tate
tr.v. im·i·tat·ed, im·i·tat·ing, im·i·tates
1. To use or follow as a model.

2.
a. and duplicate the knowledge asset? Answering these questions will help us understand the true value of our knowledge assets.

For instance, if a knowledge asset that we posses is easily imitable im·i·ta·ble
adj.
1. That can be imitated: the imitable sounds of a bird.

2. Worthy of imitation: imitable behavior.  by our competitors then we must either increase the difficulty for imitating it, thus deterring our competitors from expelling ex·pel
tr.v. ex·pelled, ex·pel·ling, ex·pels
1. To force or drive out: expel an invader.

2. the cost to do so, or we must create backups and alternative knowledge assets that are more difficult to imitate. Once we ascertain the value of our knowledge assets, we must enumerate To count or list one by one. For example, an enumerated data type defines a list of all possible values for a variable, and no other value can then be placed into it. See device enumeration and ENUM. the threats. This is where we must be clear on the significance of the threat.

The significance of the threat and the associated value of the knowledge asset would determine the managerial intervention necessary to secure the asset. If the significance of the threat is high but the value of the knowledge asset is low, we must be concerned--but simple economics dictate that we will not have enough resources to attend to the knowledge asset in a holistic manner.

The last component of the knowledge audit is to link the knowledge assets possessed by the organization with the overall mission, competitive strategies and core capabilities of the organization. This step is critical to determining and segmenting knowledge based on its contribution to the core of the enterprise and what can be considered as auxiliary. The knowledge audit is only the first step. However, if done properly it will be an excellent foundation for the knowledge security program of the organization.

Using the knowledge audit as a background, we must now dig deeper into the issue of vulnerabilities. We have already uncovered the people who own, create, store, distribute and apply knowledge. Now we must ask how vulnerable the organization will be if these people decide to leave the organization or act with guile (i.e., misuse knowledge).

For instance, if one of our chief innovation scientists decides to leave the organization, will they take with them knowledge that is not documented or available to others in the organization? If so, we have a problem, as a significant amount of research effort could be halted. Moreover, what happens if all the individuals who distribute knowledge or computer systems such as email malfunction mal·func·tion
v.
1. To fail to function.

2. To function improperly.

n.
1. Failure to function.

2. Faulty or abnormal functioning. ? In the case of humans, this could be caused due to a grievances with the organization resulting in a strike or boycott by the workers, and in the case of computer systems, a virus or hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. may cause damage. What will be the effect on the overall health of the organization?

Assessing vulnerabilities is never an easy task, as it calls for lowering our pride. However, make no doubt about it: You better believe that your adversaries are enumerating your weaknesses, as this is how they can exert competitive and other influences over your organization. Using the knowledge audit and the vulnerabilities assessment, you must now decide on the most appropriate security strategy for your particular needs.

Kevin C. Desouza is the President and founder of The Engaged Enterprise and is the director of its research institute: Institute for Engaged Business Research [IEBR IEBR Institute of Ecology and Biological Resources (Hanoi, Vietnam) ]. Desouza has authored over 80 articles for prestigious business and academic journals. In addition, he has written Managing Knowledge with Artificial Intelligence (Quorum A majority of an entire body; e.g., a quorum of a legislative assembly.

A quorum is the minimum number of people who must be present to pass a law, make a judgment, or conduct business. Books, 2002), and has co-authored Managing Information in a Complex World (M.E. Sharpe Inc., 2004).

Yukika Awazu is the Vice President and co-founder of The Engaged Enterprise and is a senior research fellow at IEBR. Awazu has authored a dozen articles for prestigious business and academic journals. Desouza and Awazu are currently working on a book, Engaged Knowledge Management, whish is slated to be published by Palgrave Macmillan in 2005.

COPYRIGHT 2004 Japan Inc. Communications
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:	InDepth
Author:	Awazu, Yukika
Publication:	Japan Inc.
Date:	Aug 1, 2004
Words:	1940
Previous Article:	Navigating the new media: why today's advertisers need to be super-savvy.(Upfront)
Next Article:	The next Izanagi Keiki? Japan's economic recovery looks built to last.(InvestorInnsight)

Related Articles
Tibet reveals its squishy underbelly. (molten rock lies beneath Tibet)
Groom Your Own For Future Openings.
Database and Network Journal 2001 - Product Reviews.
Precise/Indepth for IBM Websphere. (Management Data).(Brief Article)
Feedback.(Letter to the Editor)
DHB sector group is making progress on priorities.(sector reports)
Witness Systems adds to eQuality suite.(New Products)(Brief Article)
More on batteries ...(Letters)(Letter to the Editor)
CGI banks on VERITAS Software for J2EE application performance management.(VERITAS Software Corp., CGI Group Inc.)
Fear Less.(Book Review)