Knowledge management fallacies: access control is key

Organizations that are straitlaced about providing employees with unrestricted access to information cannot expect them to have a different attitude towards sharing knowledge with each other. A number of organizations share information with employees only on a need-to-know basis. For any given employee, relatively little information falls in the need-to-know category. She is cut off from information that she might just be curious about. But wait, isn't this a good thing? Why distract employees with useless information? Fair enough, don't push unnecessary information to everyone. But don't hide it behind access control either. Someone might just find a serendipitous use for the information. A better approach might be to hide only the information that absolutely needs to be hidden and free everything else up. Rather than share on a need-to-know basis, protect on a need-to-hide basis.


Wikis are a great example of a technology that turns access control on its head. In a typical wiki, not only can everyone read everything by default, they can even edit anything. This feature used to invite ridicule in traditional departments. But the adopters mostly thrived. Hell did not break loose. Wikis have a robust cure for mischief. It is called "revert to earlier version". Authentication is essential. Authorization is less so. Author traceability discourages frivolous edits.

There is also the issue of scale. Preventive access control doesn't scale. What scales instead are mechanisms that offer cheap cures in case of problems. This is commonly accepted when we build applications for the web. Client-server applications used to rely on a mechanism called pessimistic concurrency, which tries to prevent problems, while web-scale applications rely on optimistic concurrency, i.e. taking corrective action in case of problems.
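The wiki model and the optimistic concurrency described above, sketched together as an added example that is not from the original post: every edit must name an authenticated author, nobody needs per-page permission, conflicts are detected at save time, and a revert is recorded as one more revision. The class and method names are hypothetical.

```python
from dataclasses import dataclass, field


class StaleEdit(Exception):
    """The edit was based on a revision that is no longer the current one."""


@dataclass
class Page:
    revisions: list = field(default_factory=list)  # [(author, text), ...]

    @property
    def version(self):
        return len(self.revisions)

    @property
    def text(self):
        return self.revisions[-1][1] if self.revisions else ""


class Wiki:
    def __init__(self):
        self.pages = {}

    def edit(self, author, title, text, base_version):
        # Authentication is required: every revision carries a named author.
        # There is deliberately no authorization check per page.
        if not author:
            raise PermissionError("anonymous edits are rejected")
        page = self.pages.setdefault(title, Page())
        # Optimistic concurrency: no lock is held while the author writes;
        # a conflict is detected at save time and the author retries.
        if base_version != page.version:
            raise StaleEdit(f"based on v{base_version}, current is v{page.version}")
        page.revisions.append((author, text))
        return page.version

    def revert(self, author, title, to_version):
        # The cheap cure: republish an earlier revision as a new one, so the
        # bad edit and the person who undid it both stay in the history.
        page = self.pages[title]
        if not 1 <= to_version <= page.version:
            raise ValueError("no such revision")
        return self.edit(author, title, page.revisions[to_version - 1][1], page.version)

    def history(self, title):
        # Author traceability: who produced each revision number.
        return [(n, a) for n, (a, _) in enumerate(self.pages[title].revisions, 1)]
```

Because a revert appends rather than deletes, the history doubles as the audit trail that makes open editing reviewable after the fact.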

In a fast-paced world you can't wait to ask for permission at every turn. We have an unwritten code that helps move things along at ThoughtWorks: Ask for forgiveness, not for permission. A friendly access control regime lowers barriers to participation. And participation is absolutely key to the success of any knowledge management effort.
