The Enterprise Search "Essay Test"—Extended Remix

Andy Moore: One of the value-proposition hallmarks of KM is that "everyone has access to everything," regardless of one’s role, function, org-chart status or—most to the point—access rights. How do you balance "need-to-know" and "appropriate-to-know?"

Jason Hekl: Freely accessible does not always translate to easily findable. Even if all knowledge were freely accessible, users would apply their own filters to staunch the flow of information into a manageable stream. Security and access control will always be necessary. Even without such controls, users could easily miss the "arcane bits of corporate knowledge."

I see three ways to manage those tradeoffs. One is flexibility; don’t make the security and access controls so restrictive or complex that they cannot be easily changed. Second is to invest in the search technology capable of isolating the critical snippets of knowledge in the first place. I would argue this would require more advanced linguistic capabilities to ascertain user intent and context. And third, if you can isolate those knowledge snippets, and categorize them by conceptual meaning and likely applications, you can monitor through analytics if the right people have access to the right information at the right time and adjust your processes and controls accordingly.

John McCormick: There’s no doubt: although not expressly designed to do so, a good search tool will expose the existing frailties of an organization’s information infrastructure. The best approach? Rather than have the search engine determine access rights, design the search solution to leverage the security permissions that are in place at the application layer. Respecting the security permissions that already exist within the information sources being searched means you provide end-user visibility only to the information for which they have security permission. Leaving security to the application, the search tool does what it does best: search.

Jerome Pesenti: The first thing people notice when they deploy an enterprisewide search is how much content is openly available. Because search can unleash much more content than people might imagine, it would be foolish (at least at the start) to use it to bypass security. Security and access control haven’t really harmed KM ecosystems so far; the lack of good tools to find and access the content have.

Vijay Koduri: This raises more of a policy issue than a product issue. Different companies have varying needs for security and access control; for instance, an investment bank focused on mergers and acquisitions might have extremely tight controls on most content, whereas a mid-sized manufacturer of widgets may have far fewer requirements. The purpose of a search tool is to support the varying business requirements, and to integrate appropriately with any security and single sign-on systems that the customer has.

James Waters: If you are truly a search expert, your security comes first. People must choose a search solution that is simple and easy to set up and use. MOST enterprise vendors (the big guys) are so complex and so heavy in security and other ways that the deployment takes months, and actually renders a bad end-user experience because it shows people stuff they cannot have.

Harald Jellum: This question illustrates the need to have search technology tuned to the business function of the individual user. Some corporate functions, such as contact center, require finding the answer quickly, while other functions require more research-oriented answers of relevant information. We recommend addressing the various needs through the search engine’s relevance and prioritization algorithms, and not necessarily through security and access control.

We do not view this as an inhibitor to a KM ecosystem, rather a way to offer precise answers quickly without sacrificing other relevant information. Besides, we rarely come across customers implementing enterprise search with a "need-to-know"/access control strategy. In general, it’s rather the opposite, where customers allow users wide access limited only by bare minimum requirements.

Johannes Scholtes: Many sales cycles at ZyLAB start with an e-discovery request. These projects are very incident-driven. After a number of incidents, ZyLAB is often able to sell solution to the people that handle the incidents: the corporate legal or litigation support department. In fact, records management, e-discovery and its supporting functionalities serve as the critical pillars upon which true knowledge management can be built. And it is only in this foundational context that a practical, compliant and comprehensive enterprisewide knowledge management solution can become fully actualized.