To solve the toughest problems and develop optimal solutions, your engineers and other technical professionals must locate information scattered across business units, geographies, directories and systems. To effectively enable knowledge discovery across the enterprise, you must be able to answer this fundamental question: “How do we enforce proper security for one content source and yet allow discovery in another content source?”
- The product data management archive contains secure content, including some restrictions backed by legal agreements. How can we ensure that existing security protocols and permissions are maintained within our new knowledge discovery solution?
- A company was just acquired and senior engineers need to get started understanding what information is available in the new company’s assets. How do we give this team the ability to search and discover content to which they currently don’t have access because of file permissions issues?
These are only two examples of the same basic dilemma: You need the ability to enable strict security controls and occasionally the need to selectively override security without losing control. The answer lies in an enterprise knowledge discovery solution with an adaptive set of controls functioning at different levels in the application.
You will ask a lot of your enterprise knowledge discovery solution—can it answer and respond to the challenge?
An effective knowledge discovery solution unlocks your organization’s technical knowledge regardless of where it “lives,” using knowledge discovery and analysis tools that go beyond traditional search to deliver answers and distill information into highly relevant, actionable insights. When researching available knowledge discovery options, organizations should consider the answers to these six important information security questions:
1. What kind of internal knowledge can be searched with an enterprise knowledge discovery solution?
Out of the box, an enterprise knowledge discovery solution has to be “connected” to many different commonly used content sources such as Windchill®, SharePoint, relational databases, shared drives, websites, IBM Notes (formerly Lotus Notes), Documentum, Teamcenter and more. If your company has uncommon content sources (or even a proprietary content source for which a standard connector does not exist), then a custom solution must be available from the vendor. In the case of highly-sensitive or confidential information, there must be an option to allow you to create your own connector.
2. With documents and data coming from any number of shared drives, repositories, or enterprise systems, how are permissions managed?
To use a single enterprise knowledge discovery solution to search content stored in various sources with differing security models, the solution must support many different approaches to obtain the security settings. If you need to enable strict security, the access restrictions specified by these security settings must then be able to restrict access on a document-by-document basis (i.e., document level security). In this way, individuals only see results from documents they have access to in the target content source. Such systems should periodically go back and check security settings. That way, even if a specific document’s contents haven’t changed, the solution will identify changes to the access list and correspondingly show changes to the search results based on each individual user.
3. How do you avoid exposing data to users who shouldn’t have access to it?
Ideally, a solution will offer two primary levels of security: one at the content source level and the other at the document level. Your company needs tools and options to make decisions regarding who should or shouldn’t have access to the information. To avoid accidentally exposing a user to confidential or sensitive data, enterprise knowledge discovery solutions should default to not showing any results from a given content source. That way, you can make a conscious decision about the information and whether it should (or shouldn’t) be made available to selected users or groups or to the entire user community. If, for example, you want users to get results from a content source they don’t have access to, an enterprise knowledge discovery solution should let you determine which users do have access and then limit how much information is shown to the end user.
4. What if I want to selectively override security without losing control?
There are various reasons why a company may want people to know about content that those individuals don’t have access to. For instance, right after a merger or acquisition, users at Company A probably don’t have network access to content on Company B’s drives. It could take weeks or years to go through and properly grant access to folders after the merger or acquisition. Using the proper enterprise knowledge discovery solution, companies can quickly index the content (with DLS disabled), and give Company A’s users access to search that content source. That way, those users can search content on Company B’s drives. Put simply, they can do the discovery, but they’ll still need help from someone at Company B to retrieve the file. To match content specific needs, each knowledge base on an enterprise server may contain a different combination of knowledge base access and DLS.
5. What security controls should a knowledge discovery solution for the technical enterprise integrate with?
Solutions should conform to the security protocols used for local files on a shared drive as well as those used in commonly used platforms such as SharePoint, IBM Notes, eRoom and Livelink. If you’re using a custom connector to access the content, then the only limit to providing security controls like DLS is getting access to the information in the target system. Custom connectors can also be developed to map user names in a target system over to active directory user names for compatibility.
Picking the right enterprise knowledge discovery solution is not an exercise that should be taken lightly.
