Information wants to be free, but some information has to be private

One of the greatest tensions in the transition to social tools in the enterprise is that between the benefits of openness and the need for access to confidential information to be managed carefully.
There are numerous use cases where information has to be kept confidential. Some instances are regulatory — like the US Federal government requirements for keeping people’s health data confidential and secure — are some are motivated by business rationales — like keeping trade secrets secret, or contractual requirements about confidentiality between business partners — or purely cultural drivers — like not allowing salary data to be shared freely among employees.
Nonetheless there are numerous business contexts where locking down information is a key concern. One way to consider this is to start at the outer edge, where the most extreme levels of security are in place, and then ramp back toward total openness — everything published openly on the web — in a step-by-step fashion.
Total security requires physical lockdown of information, and sharing only in secure facilities where no possible electronic or photographic copying is allowed. This is the sort of thing that governments use of state secrets.
The next level allows electronic transmission of documents, but not in the loose fashion that most of us use in our business work on a daily basis. There can’t be¬†inadvertent¬†publishing of an email attachment to someone not approved to see, it, for example.
Companies like Intralinks, BoardVantage, and Diligent have created solutions intended to manage the end-to-end security of documents in various use cases, such as the activities surrounding corporate boards, legal, financial, and intellectual property.
Intralinks VIA is a new offering from the well-established Intralinks company, one that is bringing together both serious security and some aspects of modern work management (social networks for the enterprise). I hope to review that offering and its competitors in depth later in the year.
The central premise of a secure digital repository is that the documents must always be in a controlled application. At the core is some sort of secure document repository, and a secured version of an operating environment. This means for example that no screenshots can be taken of a secure document, and standard techniques to manipulate documents, like adding them to email as attachments, must be blocked or managed through plugins. For example, an Outlook plugin might allow copying a file from the repository to an Outlook email, but only if the recipients of the email were all approved to see the document, and were also using secured email clients, as well.
Intralinks has created an inventive promotion associated with the ‘Oops’ moment in people’s lives, when they inadvertently sent out an email with confidential attach to the wrong people and the like. They have created some vignettes called Tales of Sharing dramatizing the downside of these security use cases. They can be found at the Unshare website.
The stories are actually kind of sad, because they all feature people who got their fingers slammed in the door, like the HR VP who emailed out the excel file with everyone’s salary to the entire company.
If you want you can share your own tale of “oops”, here:
unshare share
You’ll be pixelated and your voice will be disguised.
A very clever marketing play, I think.