In many discussions the view of customer is often cited as a core driver. Organisations have long made a distinction between an external customer and an internal employee. While there is a strong push to only see one customer in recent times, this push comes from a UX (user experience perspective) and “mobile first” perspective.
In this post I’m looking at Information Management from a security perspective. I strongly believe there are differences for employees and customers. In this case customer includes the B2B (Business to Business) and B2C (Business to Customer) elements.
The Internal View
Most organisations have adopted a policy of openness and information sharing. Fileserver security is often implemented as open unless specific needs require folders or files to be secured. The latter is usually bound to confidential or sensitive information like commercial negotiations and agreements, NDA (non-disclosure) data, and personnel files. Other information is shared to achieve better re-use of data, enable master data management, foster staff engagement, and nurture cross functional teams.
The element of trust plays a significant role at what level data is shared.
The element of control plays a second level role which data is classified and who is the gatekeeper.
The balance between those two is for each organisation different and largely influenced by what is commonly called Culture and the Industry the organisation plays in.
A good description is “Enable and Protect if necessary”
The External View.
Customers want to have easy access to their information with the organisation. Repeat data entries is a turn off. If I can’t see what I’ve done previously is also a big no – no. At the same time my information should be protected from other customers or organisations but not necessarily from other employees of my business. For example a third party is working on a project with the organisation, then this information should be shared between the relevant team members of both businesses.
Consequently such external collaboration is often implemented in closed groups or spaces where membership is controlled. This model requires a much closer attention to detail and review of membership in particular when staff on either side move to a different business or part of the organisation.
Trust and Control play again an important role, although the weight towards control is much larger and often reversed to the Internal implementation.
The description here would be “Protect and Enable where appropriate”.