Who has not cursed the colleague who mails a hyperlink that wastes your time with dead-end messages like "access denied" or "information object not available"? Even though you know confidential information needs protecting, why is this so irksome? How can we improve? Two main factors may be at work: one social, which looks hard to fix, and one technical, which looks maybe...
Social access denied
Such information walls may make you feel excluded, or you might consider for a moment that the organization does not think you worthy of this access privilege. Well, that is what the people who set up the security system intended: the exclusion, not the feeling. Security experts should work more with user experience designers.
Or you might think the sender is thoughtless or worse to include a broken link, or to send you into a confidential area. No, actually, how could the sender ever know what YOU have access to or not? Is that shared on your profile?
"Link doesn't work. Send me a copy." Done. You have the information, security breach or not, and can finish a work step. On the other side, more work for the sender, less willingness to share in future, the organization slows down just so. Multiply the time it took by number of employees and by how often it happens in a day, week, month, year. How much valuable work time do we waste getting permission or finding other ways around well-intended information silos and access walls?
How would a shift in seeing access denied as an error affect what a recent publication calls Co-Creating a Learning Society?
Technical access denied
Security profiles, role-based access concepts (ever seen a centrally maintained one that is really up to date?), information classification and so on should make sure authorized people find what they need and unauthorized people do not get it or do not even find that it's there. A lot of administrative effort is invested, and the return is passing a security audit, sometimes being able to track breaches before they make the news, and - unless you work in high security areas - no way to prevent colleagues from collaborating and helping each other out. Now you have a copy, and after a while how will you know when the original was updated? No data tethering. This is the corporate equivalent of what traditional media fight against: illegal copying. Executives are damned if they stop it, and damned if they don't.
Now, while society learns its baby steps in how much more successful collaboration and appreciative inquiry make organizations than the industrial-military command-and-control model, there may be a few technical improvements to remove or reduce the irk factor.
How about soft security?
Wikipedia, itself an example of workable soft security, currently has this quote in its article on the topic:
The idea is to protect the system and its users from harm, in gentle and unobtrusive ways. The opposite of HardSecurity. It follows NonViolence. Instead of using violence, it works architecturally in defense to convince people against attacking and to LimitDamage. It works socially in offense to convince people to be friendly and to get out of the way of people adding value.
What if the messaging system, be it e-mail or otherwise, collaborated with the data server system to give you the access, right there, on demand, with the fact that the colleague wanted you to have the data serving as your credential?
I believe this can be realized with the same four techniques Jeff Jonas highlights at the end of his post Big Data Flows vs. Wicked Leaks.
I also believe this means more tracking of your every search and link click. It may be a contributing factor to the recent Google privacy changes.
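A minimal model of the access-on-demand idea above, added here as an example and not taken from the original post or any product: the messaging system calls a hook on the data server when a link is mailed, and every decision lands in an audit trail, which is the extra tracking just mentioned. Assumptions: the `DataServer` class, the `share_link` hook, the 7-day expiry, the rule that delegated access cannot be passed on, and a ceiling that keeps "private" items out of link delegation are all hypothetical design choices; the level names come from the wiki idea later in the post.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

LEVELS = {"public": 0, "proprietary": 1, "private": 2}  # ordering is an assumption
CEILING = "proprietary"  # assumption: "private" items cannot be delegated by a link

@dataclass
class DataServer:
    levels: dict                                  # doc -> level
    acl: dict                                     # doc -> users with standing access
    grants: dict = field(default_factory=dict)    # (doc, user) -> expiry
    audit: list = field(default_factory=list)     # every decision is recorded

    def share_link(self, sender, recipient, doc, now, ttl=timedelta(days=7)):
        """Hook the messaging system calls when `sender` mails a link to `doc`."""
        if sender not in self.acl[doc]:
            reason = "sender_has_no_standing_access"   # also blocks re-delegation
        elif LEVELS[self.levels[doc]] > LEVELS[CEILING]:
            reason = "level_above_delegation_ceiling"
        else:
            self.grants[(doc, recipient)] = now + ttl
            self.audit.append(("delegated", sender, recipient, doc))
            return True
        self.audit.append(("refused", sender, recipient, doc, reason))
        return False

    def can_read(self, user, doc, now):
        expiry = self.grants.get((doc, user))
        ok = (self.levels[doc] == "public" or user in self.acl[doc]
              or (expiry is not None and now < expiry))
        self.audit.append(("read" if ok else "denied", user, doc))
        return ok

def demo():
    # Constructed sample data: users, documents and the date are made up.
    t0 = datetime(2024, 3, 1, tzinfo=timezone.utc)
    srv = DataServer(levels={"roadmap": "proprietary", "salaries": "private"},
                     acl={"roadmap": {"alice"}, "salaries": {"alice"}})
    return srv, {
        "before": srv.can_read("bob", "roadmap", t0),
        "share": srv.share_link("alice", "bob", "roadmap", t0),
        "after": srv.can_read("bob", "roadmap", t0),
        "expired": srv.can_read("bob", "roadmap", t0 + timedelta(days=8)),
        "private": srv.share_link("alice", "bob", "salaries", t0),
        "reshare": srv.share_link("bob", "carol", "roadmap", t0),
    }

if __name__ == "__main__":
    srv, results = demo()
    print(results)
    print(*srv.audit, sep="\n")
```

The grant expires on its own and the recipient reads the original rather than a mailed copy, so the data stays tethered to its source.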
Anyway, if you have seen anything like access on demand, please share by comment. Thank you.
How about a wiki with a level-access scheme, like public, proprietary, private? Would that give teams and individuals their own secure space to co-create? I am working to set one up, and balancing the delegation of rights administration is not easy. That shall be part of the next post, Privacy by Design.