Under Attack

cyberattack_080812One of the biggest challenges in knowledge management is how to increase responsible knowledge sharing in the face of heightened security concerns. To be honest, I had heard IT colleagues talking about the growing number of network incursions, but since I had not seen any evidence of these incursions, it all seemed a little abstract.

Today some of our students in Columbia University’s Masters of Science in Information and Knowledge Strategy program showed me two cyber attack maps they have been monitoring. Suddenly, I had an almost visceral appreciation of the scope of the problem.

I invite you to spend a few minutes watching each map to get a sense of what is going on. It should give you new empathy for your IT colleagues. It also should give you greater impetus to find responsible ways to share knowledge within your organization. If we are unable to balance healthy knowledge sharing with safe networks, our organizations will effectively be hobbled. That is not a result you want to have happen on your watch.

[Photo Credit: Trend]


When Dinosaurs Roamed the Web

800px-Triceratops-vs-T-Rex001From our grandparents’ time back to the dawn of oral history, we used the phrase “once upon a time” to indicate a long time ago. Then we started to use some variant of the phrase “back when dinosaurs roamed the earth.” Again, this is not a literal indication of time, but rather a figurative one. (If you want to be literal, they walked the earth between 230 million years ago and 65 million years ago. In other words, a long, long, LONG time ago.)

When dinosaurs roamed the web

When you are considering such long spans of time, you naturally expect massive changes. Now that life is speeding up, however, we are experiencing massive changes over a much shorter period of time. Take, for example, the changes that have occurred since “dinosaurs roamed the web.” A recent article by Jamie Carter, The internet is everywhere – but where has the web gone‘ summarizes the sweep of these changes nicely:

“The web started out as a content repository where search was the key enabler,” says Richard Moulds, VP Strategy, Thales e-Security. “Web 2.0 was about user-driven content and social media was the big enabler, and Web 3.0 is all about personalisation where different users experience different things based on their history and preference. For this transition, big data is the key enabler – without massive data analytics, personalisation on a grand scale is not possible.”

Three Eras of Knowledge Management

This quote brings to mind the seminal work by Nancy Dixon in which she discusses the Three Eras of Knowledge Management:

  1. Leveraging explicit knowledge: capturing (i.e., documenting) knowledge, organizing it into databases, providing easy access to the knowledge.
  2. Leveraging experiential knowledge: enabling teams, groups and communities to share tacit knowledge rather than merely explicit knowledge. Focusing on tactical, frontline  knowledge rather than strategic or managerial knowledge.
  3. Leveraging collective knowledge: conversation-based knowledge sharing, in which the role of leaders is to convene strategic conversations.

These two views do not map exactly. For example, Nancy Dixon suggests that social media tools (i.e., Web 2.0) would be useful in leveraging collective knowledge across physical or geographical boundaries. In her view, social networking technologies provide “greater organizational transparency and give rise to more diverse perspectives in the organizational conversation. The use of crowd sourcing, cognitive diversity, and predictive markets draw on a wider base of thinking, both internally and externally, that increases organizational innovation.” It would be interesting to see how she might think about the personalization capabilities of Web 3.0 and its place in knowledge management.

Escaping the dinosaur age

Even in the absence of a neat one-to-one comparison, it is still useful to take a moment to consider where your organization’s knowledge management efforts are focused today. Starting with Nancy Dixon, where is your organization’s KM program with respect to the Three Eras of Knowledge Management? Are you still in the first era, trying to build a foundation of good content management? Or have you moved to more conversation-based knowledge sharing?

Now, take a look at your intranet. Where is it in terms of Richard Moulds’ breakdown of Web 1.0, Web 2.0 or Web 3.0. Are you still focused on simply providing as much centrally vetted content as possible? Or have you moved beyond that to include a wide-range of user-generated content. Better still, do the users of your intranet or knowledge management program have the benefit of thoughtfully personalized resources that allow them to focus on the things that matter most to them at any given time?

In law firms, for example, some rudimentary personalization occurs based on role (e.g., partner, associate, staff), client, practice group and location. Do you go beyond these basics to provide personalization based on search terms, user behavior, talent management (e.g., providing content that supports a user’s development goals) and time management (e.g., providing content that fits with a user’s current time management challenges or opportunities)?

If you are stuck in the stage of basic content wrangling and presentation, you are living when dinosaurs roamed the web. Isn’t it time for you to move into the 21st century?

[Photo Credit: Marcin Chady]



KM Guardian or KM Guide?

World_Map_1689What is knowledge management’s core function? Are we to be guardians or guides?

When I started in law firm knowledge management, my role was fairly clear: I was to be a guardian. What does this mean? My job was to gather and guard the intellectual capital of the firm. I was to help filter the useful material from the less useful, put the useful material in a central location, and then provide easy access to it based on the firm’s confidentiality rules and permissions structure. While this was a fair amount of work, it was not hard to grasp. Further, it fit nicely with one of the traditional roles of law firms: gatekeeper of esoteric knowledge. Just as law firms accumulated knowledge of the law and then provided it to clients, I was to provide the same service to the lawyers who were my internal clients. In a sense, I was to be the firm’s gatekeeper of gatekeepers.

In many law firms today, this is still the primary function of their KM personnel. They hunt down or create legal content. They cajole or harass fee-earner colleagues to draft, review and approve materials for the central repository of firm crown jewel documents (e.g., model documents, practice guides, matter process maps, etc.) They tangle with IT in an attempt to create a user-friendly environment for that central repository (e.g., an intranet/portal or even a simple wiki). And once they have some content in this collection, they then need to start the work of finding fee-earning colleagues who will actually keep those materials current and relevant.  On the best of days, being a KM guardian is a sisyphean task.

Being a KM guide is no less time-consuming, but I would suggest that it is far more productive.

What is a KM guide? The role of a KM guide is not that different from a tour guide: identifying the trail, illuminating the path, providing context, enabling fellow travelers to discover and learn from the experience.  The pathways in question here are not physical pathways, but rather pathways to learning and knowledge.  Accordingly, rather than saying “this document contains what you need to know,” we would instead say “this how others in a similar situation found what they needed to know.”

Before you dismiss this as an inefficient, roundabout method, consider the following example. If you come to me looking for information and I hand you something off-the-shelf, generally one of two things will happen: either it will be exactly what you were looking for (and you will thank me profusely) or it will not be what you were looking for (and you will wonder why you wasted your time). This is the experience many people have when they go to their intranet looking for information.

There is also a variant on the second experience that can be profoundly aggravating: they find something that is almost, but not quite, what they were looking for. So they have to reverse engineer it to figure out how much they can salvage and how much they must create from scratch. However, because there rarely are any “reverse engineering instructions” attached to the document, they often have to reinvent the wheel in order to meet their goal. Talk about a colossal waste of time! Yet it goes on every day in organizations around the world.

Now are you ready to consider an alternative?

What if we had a map of the path the earlier traveler took to their destination. You would know that you didn’t need to go as far as they did, but you could follow the map until you reached the point where you had to take a turn onto another road. Obviously, your path on that other road would be beyond the map you were given, so you would have to figure that part out for yourself. However, that would be the ONLY part you would have to create from scratch. For the earlier part of your journey, you would simply have to follow the map rather than creating your own trail (machete in hand) through the undergrowth.

The beautiful thing about working with journey maps rather than destination documents is that these maps show the next traveler where the previous trailblazer was trying to go and how they did it. Then the newcomer can determine how best to plan their own journey. In doing so, they will build on the work of others rather than being forced to reinvent the wheel.

While I have not yet had a chance to test the software, there is a new tool that promises a similar experience by mapping the research path people take through the internet in pursuit of answers to life’s burning questions. Twingl’s Trailblazer is an extension to Chrome that shows what sites you visited and, in the process, reveals something of your thought process. There are several benefits to this approach:

  • You can step away from your research and then return later without having to repeat steps.
  • You can review your map to see where you might have missed something or taken an unproductive turn.
  • You can share your map with others — thereby transferring both the knowledge of where you ended up, as well as how you got there.

Now imagine if we could create similar maps of how the lawyers in our firms arrived at certain judgments, negotiation stances or language in documents. Then we could share within the firm a much deeper and better quality of knowledge — not only what we decided, but how we got there. These knowledge pathways set one lawyer apart from another. Aggregated, they could set one law firm apart from the others.

KM personnel have a role to play here by being KM guides.  A KM guide helps lawyers uncover and map their journey. Then that KM guide can maintain and share those maps. Just as we groom cross-country ski trails,  a KM guide keeps the knowledge trails within an organization accessible, well-tended, free of debris and easy to follow. Over time you will have a collection of overlapping maps that build on the work of earlier generations of lawyers and then extend the collective learning in new directions. What a fantastic outcome for a KM effort!

In an era of disintermediation, it makes less sense to be the guardian of information that often can be found by a variety of means in multiple places. It is more productive to help all the people in your firm rise to a higher point on the learning curve by building systematically on the knowledge maps of colleagues. You can accomplish this by being a KM guide.


[Photo Credit: Wikipedia]



Who Needs to Know?

Who_is_it“Who needs to know?”

This is a question we ask often. Unfortunately, it is a question we do not always answer correctly. Sure, we might identify the obvious people, based on our personal experience or knowledge. However, we occasionally forget some key people, and there may be yet others of whom we are completely unaware.

As a result, we share knowledge with the smallest possible group. But that group may not even be the right group. We may explain our approach as well-intended efficiency or even a bid for security. However, at the end of the day, by failing to ensure that information reaches the right people, we have ensured that any decisions we make will be made on the basis of incomplete information.

Is it any wonder so many organizations make so many mistakes?

These are real questions in the context of law firms and law firm knowledge management departments that are trying to thread the needle between firm-wide knowledge sharing and concerns about protecting confidential information. While I do not want to minimize in any way the importance of protecting client-confidential information, I wonder if in our zeal to limit access to information we are actually depriving ourselves and our clients of the ability to make decisions and provide advice based on complete information.

It is instructive to see how another organization faced this challenge of holding knowledge tightly versus sharing it widely.  The organization I have mind plays for stakes that are very high indeed. It is the US military. In his TED talk (posted below), General Stanley McChrystal explains how he came up through the ranks in a security-conscious, need-to-know organization and yet came to understand the importance of sharing knowledge beyond the small group he initially identified as those who need to know. He describes the need for information security as something that was “in the DNA” of the military. He speaks of the organizational silos that served the purpose of ensuring information was kept safely contained.

Despite that security-conscious DNA, General McChrystal came to a startlingly different answer when he asked the question, “Who needs to know?” He discovered that “in a tightly coupled world, that’s very hard to predict. It’s very hard to know who needs to have information and who doesn’t.” So they changed their approach. They started asking “Who doesn’t know, but needs to be told as quickly as possible?” In fact, they went so far as to start knocking down organizational silos physically by having cross-functional teams work together in “situation awareness” rooms in which they could share, discuss and disseminate information quickly.

The results were impressive:

…as we passed that information around, suddenly you find that information is only of value if you give it to people who have the ability to do something with it. The fact that I know something has zero value if I’m not the person who can actually make something better because of it. So as a consequence, what we did was we changed the idea of information, instead of knowledge is power, to one where sharing is power. It was the fundamental shift, not new tactics, not new weapons, not new anything else. It was the idea that we were now part of a team in which information became the essential link between us, not a block between us. [emphasis added]

Admittedly, the army does not serve financial services companies who insist on rigorous data security audits and will withdraw their business if you do not meet their demands. The army does not have clients who refuse to allow any of their information to be shared within the firm even as they expect that they will have the benefit of learning and experience derived from the firm’s other clients. The army does not have owners who have grown up with a need to protect confidentiality that goes beyond professional obligation owed to a client, to cover even the most basic information about the health of the firm.

On the other hand, the army does make life and death decisions on a daily basis. And in this context, the army has learned that if it wishes to have effective teams that make good decisions, it must share information so that information becomes the “essential link” and not a “block” to team effectiveness and good decisionmaking.

Given the army’s example, isn’t it worth thinking harder about how to share knowledge safely and efficiently within law firms? At a minimum, it must mean moving beyond simply asking “Who needs to know?”


[Photo Credit: Wikipedia]


Survival in a Data Security Obsessed World

Knowledge management encourages transparency and information sharing. But data security concerns are driving more organizations to lock down their data so that is “safe.” In the process, security measures can make it harder to share information. In this data security obsessed world, how can knowledge management survive?

[These are my notes from a private international meeting of large law firm knowledge management personnel. The sessions were off-the-record, so the comments below are without attribution.]

Even though some data should legitimately be locked down (e.g., personnel information), organizations often tend to go overboard and sweep up even innocuous information in the lockdown. Is personal privacy dead? The optimists say no, but it has changed. The pessimists say it’s not dead — yet — but it’s on life support. What are the biggest threats? Private hackers (theft-focused), hacktivists and state-sponsored incursions into privacy.

Key concerns impinging on KM content:

  • Data security concerns
    • inquisitive, disgruntled or departing firm personnel
    • insider trading issues
    • hackers
    • foreign and domestic government intelligence gathering
  • Data privacy concerns
    • data privacy protection regulations (eg., EU)
    • protected personal health information
  • Legal access/discoverability concerns
    • reach of (primarily US) courts and agencies
  • Proprietary data concerns
    • client-related content deemed to be proprietary
    • copyrighted and permission-restricted content
  • Data management concerns
    • traditional DMS and records management concerns
    • data storage and archival costs

Law Firm Responses:

  • Data security audits
    • clients are trying to protect their data (primarily from competitors and from hackers)
    • growing numbers of clients in financial services (and, increasingly, other industries) are conducting audits
    • these audits contain detailed questions and require the law firms to “prove” that their security measures are appropriate and effective
    • Some firms are trying to use document automation tools to expedite how they respond to client audits
    • Some firms are losing clients when the fail to meet the requirements of the data security audits
  • Content hiving
    • This intended to protect from threats from employees
    • Increased use of restrictive client/matter security
    • Document access restricted by default instead of open by default
    • Increased/extended use of firewalls and firewall maintenance tools
    • As a result, you can see only the data to which you already have access.  This means, you can know only what you know.
    • It means that firms have to hire people or buy tools that can locate and sanitize information so that it can be shared
  • Physical balkanization of data
    • Removing sensitive content from US-based servers (including enterprise search)
    • Restricting access by US-based users and administrators to non-US content
  • Information security education
    • Clients are insisting on information security education programs
    • This is a great opportunity for KM personnel to participate and explain knowledge sharing even in a data lockdown
  • Data privacy managers
    • More firms and clients are hiring data privacy managers

What’s the upside for KM?

  • The need to manage the matter team (in order to implement hiving). This requires a more thoughtful approach to creating and managing teams, heir workflow and their data handling.
  • There has always been a lot of “personal hiving” (where lawyers squirrel documents and information away on hard drives and thumb drives or in email). In this new data security obsessed world, KM can step in to try to curtail the personal hiving.

Focus on Clients: The Client’s View of Collaboration and Knowledge Sharing

triplet towers of paper [This is the fifth in a series of posts featuring a conversation with Susan Hackett of Legal Executive Leadership focused on deepening client relationships in meaningful (and profitable) ways.]

At a recent session on extranets at the ILTA 2012 conference, Lynn Simpson of DuPont started her portion of the presentation with the warning that she “was about to throw a bomb in the room.” She followed that warning with these words:

  • We don’t want you to send us poorly targeted, irrelevant marketing or legal updates. We consider that material to be the equivalent of spam.
  • It’s great that you have all these interesting extranets, but we don’t want to have to go to each firm’s special environment to find the materials we need to work. We want our external clients to come to our environment — the place where we, the client, are most comfortable working.

That should make everyone sit up and take notice!

And then what? Here’s some advice:

  • With a broadcasted email blast, the client is left trying to sift through a host of law firm updates in order to figure out which (if any) of these emails actually are relevant to the client’s work.  Speaking on behalf of clients everywhere, Susan says: “That’s your marketing, not my business interest.”
  • The better approach is for the client relationship partner to personally select the materials that are relevant to the client and then forward them with a covering note that explains the context and how it matters (or should matter) to the client.
  • Ask your client how their department organizes legal information. Are there gaps you could help fill?
  • Does your client have easy access to information relating to the matter you are working on? If not, discuss how you might make these materials available to them in a manner that is convenient for your client.
  • Are there basic knowledge resources or tools you could provide your client to allow a certain measure self-service?
  • Would your client be interested in a subscription service by which you regularly provided information useful to your client’s business operations?

While these are some preliminary suggestions, the bottom line is that each firm has to ask each of its clients for guidance on how best to share knowledge resources. It is now longer a matter of routine marketing. Instead, every action should remind your client of how well you understand your client’s business and how much you are willing to do to support your client’s work. Generic legal memoranda run the risk of sending a radically different message. Is that really what you want to do?

The next in this Focus on Clients series: Creating a Law Firm from a Client’s Perspective

[Photo Credit: artnoose]


Making Knowledge Exchange Work

Making Good Ideas Infectious is the subject of a brief video that reflects the learning about knowledge sharing gleaned from the Sustainable Learning Project and the Involved Project. While I encourage you to take a look at the video below, here are the seven principles presented in the video for better designing processes to have a more positive impact on society:

  1. Design knowledge exchange into your work.
  2. Make sure you systematically represent the needs and priorities of everyone who’s likely to use your work.
  3. Make sure knowledge exchange is a two-way process.
  4. Create a safe space in which people can share opinions and existing knowledge, and generate new knowledge together.
  5. Deliver tangible outcomes that people involved in your work want as soon as possible.
  6. Create a culture of trust where everyone’s knowledge is valued and people stay engaged.
  7. Reflect and evaluate so you can refine your practice.

Now think about the impact these principles might have on your organization.  Think about the difference it would make if you could make knowledge exchange a reality at work.

[Thanks to the Sustainable Learning Project for bringing this video to my attention.]


Fighting the Knowledge Hiding Epidemic

hidingA new Canadian study reveals that companies are suffering from a “knowledge hiding” epidemic.  Or, as Kimberly Weisul puts it, the $73 billion that companies spent on knowledge management software in 2008 (according to AMR research) might possibly be a complete waste.

That’s a thought that should strike terror in the heart of every knowledge management professional.

So what’s going on?  Apparently, companies have invested in marvelous (and expensive) knowledge management systems without first properly identifying and addressing the barriers to knowledge sharing that exist within their organizations.  As a result, their systems lack the key content that make them mission critical. Instead, the people with the goods are keeping them hidden.

The study by Catherine Connelly, Jane Webster and David Zweig cites the following popular methods of knowledge hiding:

  • ignoring requests for assistance
  • claiming that the requested information is confidential and cannot be shared
  • pretending ignorance

The study also provides some reasons why colleagues indulge in knowledge hiding:

  • they are distrustful of co-workers or management
  • they feel an injustice has been done to them
  • they are retaliating for someone else’s bad behavior
  • their organizational culture encourages secrecy rather than sharing
  • they believe that they can get away with it

In a similar vein, Ian Thorpe has noted in his KM on a dollar a day blog the following reasons why people won’t share information:

  • the requested material is “rough and ready” — fine in the hands of the originator, but not safe in the hands of others
  • it is a preliminary draft and has not been perfected
  • the material was not intended for external consumption
  • it may not conform to the public position of management or the organization
  • it may be based on evidence or arguments that have not yet been properly vetted

So what are the best antidotes for knowledge hiding? The key is to build an organizational culture of knowledge sharing.  However, that is easier said than done.  In light of that, what do the study’s authors recommend?

The paper suggested that companies can overcome knowledge hiding by having more direct contact and less email communication with employees, highlighting examples of trustworthiness, and avoiding “betrayal” incentives, such as rewards for salespeople who poach another’s clients. (Jordan Press, Ottawa Citizen, May 16, 2011) [emphasis added]

In addition,

  • Build trust — emphasize positive relationships among employees
  • Demonstrate the mutual benefits that result when colleagues share information
  • Treat all workers fairly and respectfully, thereby reducing feelings of injustice and the need for retaliation

At the end of the day, if you want to get value out of your expensive knowledge management systems, you have to spend the time and effort to ensure that all the people involved are willing to cooperate and share.  Don’t let a technology vendor tell you otherwise.


For further reading, see: Jack Vinson, Knowledge hiding among co-workers.

[Photo Credit: Susan NYC]



“It’s only a teaspoonful,” I overheard the six-year old girl say in all seriousness as she explained to a boy in her class the nature of the contribution the male of the species makes to procreation. The look of horror on the boy’s face was positively comical as he reacted viscerally with the expression “TMI! TMI!”

For those of you who haven’t heard it before, TMI is the acronym for “too much information.” It’s often used when people disclose private details that one would really rather not know about in the ordinary course.  I found myself saying “TMI” when I first read a terrific set of posts by Jim McGee, John Tropea and Jack Vinson regarding the benefits of information transparency among knowledge workers and the importance of making knowledge work more visible. Granted, I was “catastrophizing” as I imagined a workplace where every thought was expressed in writing before it could be edited for appropriateness or sense. I imagined my daily e-mail deluge multiplied many times over once I moved from messages directed at me to a stream messages directed to the entire firm.  I imagined a tsunami of triviality swamping me daily as I struggled to be productive. I imagined having to hide myself in a technology free cave in order to get any work done.

I will confess that I love Twitter and use it daily.  In learning to love it, I’ve come to understand that I cannot and should not try to read everything.   Rather, I dip my toe in and out of the stream when I can.  An important part of this behavior is learning to let go of the need to read it all, and trust instead that the important things will rise to the surface repeatedly and capture my attention in due course.  That’s easier to do in your leisure life than at the office, where I (at least) feel obliged to read everything that my colleagues send me.  What happens when I start receiving a general flow of information rather than the current more limited (albeit sometimes overwhelming) targeted flow of e-mail information?  How do I protect myself from missing the important stuff while suffocating under the irrelevant?

What’s your experience with activity streams work at work?  If you’re using them at your workplace, what can you tell us about how they improve or clog the arteries along which your information flows?  How do you find the important amongst the trivial?

[Photo Credit: Fredshome]


Common Ground

Twice today I was reminded of the benefits of breaking out of my silo and broadening my circle. In both cases, the information sharing came about through ancient technology — a face to face meeting.

In the first instance, I had the privilege of a long conversation with a terrific colleague who works in a completely different department. Under normal circumstances, we’d most likely never meet. However, because we happened to be working on a new  project together, we had the chance to have an extended conversation. In the course of today’s meeting, we discovered that we were working in parallel on two projects that were strikingly similar.  Thankfully, we immediately recognized the opportunities for efficiencies and have agreed to meet again to share knowledge and optimize our results. This is a great example of some of the benefits to be derived from cross-disciplinary conversations.

Later in the day, KMers Johan Lammers, Rob Swanwick, Ian Thorpe and I had a tweetup.  In the course of that conversation, Ian remarked on the similarities in our experiences of knowledge management and social media within the enterprise despite the fact that he and I work in completely different types of organizations.  It was a good reminder that there are some essential truths in KM that apply regardless of context.  As long as we are dealing with human beings, we face these common challenges.  It was also comforting to learn that we are not alone in the face of these challenges.  Regardless of how small your knowledge management department may be, there are many other knowledge managers who are contending with similar issues.  As a result, there are many opportunites to commiserate with and learn from each other if we only step outside our silos.

Given the amount of common ground uncovered today through these two meetings, I’m going to seek out more opportunities to have cross-disciplinary conversations.  It’s my personal attempt to do a little silo smashing with old technology.  If we’re fortunate, these interactions will lead to knowledge sharing and innovation. Can you think of better outcomes for a knowledge management initiative?

[Photo Credit: Calium]