What security aspects should everyone know?

Knowledge risk IT-supported knowledge management requires specific security management


published in: 2005#3, page 52

Category: Management and knowledge

Keyword: Knowledge management

Summary: Knowledge management and the internal use of search engines hold enormous opportunities for large companies. At the same time, however, they also increase existing risks. To compensate for this, particularly careful security management is required.

Author: By Benjamin Bedeković, Munich

Professional knowledge management is increasingly becoming an important competitive factor. The increasing division of labor and the need to have knowledge available across organizations, however, also lead to a concentration of sensitive data in the network. Nevertheless, there is ultimately no getting around knowledge management: Studies have shown that companies that use such methods achieve higher returns. Knowledge is just as important a capital as fixed assets or employees. And good knowledge management brings it specifically to those who need it - and who are entitled to do so (see Fig. 1).

Figure 1: Knowledge management leads to the concentration of sensitive data in company networks.

Search engines and document management systems are used to collect internal data from a wide variety of business processes and databases in a targeted, task-related manner; the same search methods scan sources on the Internet for relevant data. Top companies set up knowledge databases, whereby this knowledge is recorded and processed by knowledge managers in order to make it available for later tasks. In this way, the information is not only available in the minds of employees, but also available to all authorized persons worldwide.

Duplicate work - reinventing the proverbial wheel - or the repetition of errors that have already occurred can be significantly reduced. This also includes the integration of regulations such as quality guidelines, product specifications and production plans. Another possibility is offered by employee portals with access to general company information, which keep employees informed and increase their satisfaction and loyalty to the company.

Globalization and the pressure to rationalize are constantly changing the way we work, in a form that is in part only made possible by IT: international division of labor, virtual cross-location teams, broad knowledge transfer to subsidiaries, networking of development processes with suppliers, cross-location controlling of processes, to name just a few examples call.

This way of working requires the provision of internal knowledge from a number of data sources (databases, mails, Office documents). External data on risks (markets, damage assessments, technology), trends, competition, patents, relevant studies and press publications are also made available as knowledge using search engines from the Internet or via "subscriptions" to third-party databases. Depending on the task, all of this data is linked according to topic, and ratings are added and saved. The company's knowledge and its assessments of the environment are growing more and more. This leads to a very sensitive accumulation of data.

With the classic approach, data were mainly accessible according to predefined query structures or keywords, for example in SAP standard systems, the data collection in the data warehouse with its broader linkage and query options becomes more delicate. Systems for document management and search, with which all data types can be called up from many of the company's databases and collections, if the user is authorized, have a significantly higher risk potential. Sometimes it is enough to know the headings without opening the associated documents if you do not have authorization to get a picture of the situation.

Missing overview

Larger and internationally operating companies often have distributed data pools at many locations. Product developers use data on the market, competition, product specifications, profitability calculations and quality in virtual teams. Sales staff need data for sales strategies about the international market, competitors, customers and product specifications. Buyers use product specifications, quality data and procurement sources from competitors. These data requirements can be expanded at will. In the process of division of labor, everyone accesses the same data pool with different queries, depending on the task at hand. In the course of time, different data combinations from the (inter) national data pool are required again and again at a certain point for a wide variety of tasks. For a certain element, with full use of distributed data, it is difficult to determine in advance which person or organizational unit needs which data and when.

Often there is also a need that is not directly defined by the usual business processes or that only occurs rarely. Examples include call centers struggling with customer problems, insurance employees who need data on a new type of damage, emergency management in the event of a chemical accident, defense against an injunction in a patent dispute or perhaps researching a competitor's novelty at the trade fair. All of these are cases in which search engines or knowledge management methods are used. Such accesses are then even more amorphous than with standardized business processes and mean: Access by many users, which cannot be foreseen at the database level, with a large number of data combinations. And what cannot be predicted is difficult to prove with "narrow" authorizations.

Security issues

The requirements of knowledge management thus create special security problems. This includes the complexity of the access authorizations and the increased attractiveness of the accumulation of knowledge for third parties, but also the often lack of sensitivity of users and administrators with regard to security requirements and the diverse access to external sources via the WWW.

Complex access rights

On the one hand, there is the need to protect sensitive business data by restricting the allocation of rights. This is countered by the requirement of internal and external users (employees, suppliers, home workers, customers) to get the information they need as comfortably as possible. Effective online work saves time and reduces costs. If the procedures are too long or difficult, there is a risk of frustration and additional work (help desk, unavailability, wrong decisions, etc.). Access to a large number of platforms, systems and applications is necessary, and possibly in an international language / communication environment. Last but not least, it is common for a global player that the organizational units change continuously with regard to employees, tasks and terms used.

The planning and management of digital identities and access rights is very difficult in this environment and poses a major and constant challenge to IT managers, as the current requirements for access rights are constantly changing and maintenance is therefore very time-consuming.

Increased attractiveness for knowledge theft

Without the use of knowledge management, attackers could often only steal individual data or read emails, which often only led to limited, isolated problems. However, the possible access to complex data combinations, sensitive evaluations and knowledge databases make attacks much more attractive. In the event of misuse, considerable damage is conceivable or even the company's market position is endangered. The particularly sensitive data collections include:

  • Assessment of competitors from different perspectives and associated strategies,
  • Collection of purchasing sources and related purchase prices and logistics strategies,
  • Patent analyzes and procedures against competing patents,
  • Customer lists with conditions and goals and ratings,
  • unique chemical formulas,
  • Quality guidelines for certain production processes,
  • critical employee surveys,
  • Employee profiles in the internal "Yello Pages" (ideal access for headhunters),
  • Financial data and evaluations also for subsidiaries,
  • Quality problems with products in individual countries,
  • Risk assessments.

The danger is not only external "interested parties" such as competitors, large customers and other dark men, but also employees who are dissatisfied or want to change employers. Often an attempt is then made to create a knowledge repository for all possible questions; the larger the depot, the more attractive it is to the outside world. What cannot be overlooked is the danger posed by temporary employees (interns, graduate students, temporary workers, etc.). Such people are often employed with special tasks such as gathering information. If such temporary workers are recruited or smuggled in by external parties, there is a considerable risk potential (see also Fig. 2).

Figure 2: Internal data is at risk from a variety of factors.

Lack of sensitivity

Users, administrators and IT managers are seldom aware that knowledge management, the use of search engines and document management systems pose a significantly higher threat than traditional applications. Not only the accumulation of sensitive data, but above all the "intelligent" access to the company's knowledge via search engines increase the risk. Neither the typical guidelines and instructions of the company nor the relevant IT security standards (BSI, ITIL, ISO) adequately take this threat into account. In practice, a lot of security problems are found almost regularly, such as:

  • Knowledge is stored locally with all associated problems (PC exchange, theft, storage on CD or other removable media, misuse by external users during absence, insecure passwords, etc.),
  • Storage and processing on notebooks with all known problems related to IT security in mobile systems,
  • Servers and stored knowledge are not sufficiently secured,
  • Administrators have access to knowledge
  • lack of higher-level access management,
  • lack of methods and software for security management,
  • common vulnerabilities in, and.

These deficiencies are already dangerous in normal operation - however, the risk increases with knowledge databases and search engines! It is striking and frightening that there is still so little awareness of dangers even today, although the protection of company knowledge is not even important for internal reasons: Because in the context of assessments according to Basel II, negative findings on IT security lead to devaluations and limited creditworthiness. In addition, board members and GmbH managing directors may even be personally liable for a lack of due diligence if the company is at risk.

Problems brought in

Internal search engines usually also look for external knowledge. While manual activities and normal business processes tend to access trustworthy sources via the Internet, search engines scan all available sources nationally and - if specified - also internationally. Administrators can sing a song about salespeople who bring contaminated data with them from all over the world - files from China, India and Russia are particularly feared. The situation is similar with search engines: In the event of inadequate security precautions, problems or, in the worst case, even Trojan horses that spy on knowledge are brought onto the intranet.

However, phishing, injection and other popular attack methods can also cause even greater damage in "knowledge environments" than usual. Especially since large intranets and extranets, due to the immense number of users, are already on the same level as the threat from the Internet - "internal perpetrators" usually even have less high security hurdles to overcome and often insider knowledge is also available.

Strategy and operational measures

In order to compensate for the increased risks, all systems and processes affected by knowledge should be prepared and administered particularly carefully (see Fig. 3). Because even small errors that would have limited effects in classic applications can endanger the entire company in knowledge environments.

Figure 3: Procedure for introducing a company-wide search engine.

Systematic planning

Systematic and comprehensive planning must therefore be carried out at the beginning of the introduction of knowledge management and search engines. Above all, safety aspects should be in the foreground! The classic procedure of setting up a system and then imposing a security concept does not work here, since security requirements influence the concept to a particularly high degree. The planning roughly comprises the following steps and questions:

  • Detailed analysis of information needs: Which user in which organizational unit needs which information? Where is the information stored and how should it be found? How should information be evaluated and presented?
  • Security concept for storage and access: Which data are sensitive and worth protecting? How is data stored and protected? Which secure access methods should be chosen? How are access authorizations to be regulated? How is it controlled?
  • Selection of hardware and software as well as integration into the networks: Which hardware configuration offers the best access protection? Should a hardware-supported user identification be set up? Are laptops excluded? What protection of the server with knowledge databases and search engines is planned (router, special security hardware, software)? What software is used for search engines and security management? Does the communication need to be encrypted?
  • Organization of implementation and operation: Who is responsible for the introduction? How is the training of users and administrators (knowledge management, search engines, security) carried out? How is operation ensured? Which procedures have to be set up for the ongoing security control of databases and access?

Search engine selection

The requirements for an intranet search engine differ from those for an internet search engine: While information on the internet has to be found as precisely and quickly as possible, authorization must also be checked in the company network. The authorization with regard to the search for certain data takes into account department affiliation, position and, if necessary, also person. Depending on where the access check is implemented, a distinction is made between three procedures:

Unmapped security

So-called unmapped security is the easiest way to control access during a search. The user is shown the complete list of results and access is only denied if the selected document is attempted if authorization is not available. The search engine behaves completely neutrally. Security and access rights are only implemented by the system that holds the data, for example the database server or the document management system.

The advantages of this solution are simple implementation and, due to the low requirements, compatibility with almost every search engine. The disadvantage is that the user sees document headings or summaries of the document, which may be enough to unintentionally compromise sensitive information. In addition, users can be frustrated when they see that they have been blocked from accessing certain documents. Despite all these dangers, unmapped security is still very common in search solutions. However, this can usually only be useful at department level if every employee has access to departmental documents that are indexed in the search engine.

Pseudo mapped security

With this somewhat more advanced method, the search engine on the backend does not take care of the security issues of documents either, but the frontend checks the list of results for each individual result for access authorization. This concept can be implemented with many search engines - if necessary also retrospectively.

Disadvantages are long lists of results that take a long time to be checked and displayed. Incidentally, malfunctions in the access authorization check lead to the entire, unchecked result list being displayed. Another disadvantage is that when using security systems from different manufacturers (e.g. Notes and Windows), a parallel search across all data records is more complex to implement and also has a very negative impact on performance. Solutions with pseudo mapped security should therefore no longer be reinstalled and existing systems should only be further developed with minimal effort.

True Mapped Security

Current search engines, on the other hand, support a holistic concept for integrating access rights to documents. The document authorizations are processed directly by the search engine.When the user is authenticated, the respective authorizations are updated and queried and then transmitted with every search. The mapping is then carried out directly in the search engine. The advantage is that results can be processed and displayed in the shortest possible time (milliseconds) - despite a high level of security. It is also possible to search different systems with different authorizations in parallel. The disadvantage is the more complex integration compared to Psuedo Mapped Security. Nevertheless: Search engines that support True Mapped Security are required for company-wide search concepts, especially when a comprehensive and centrally regulated system is planned.

Stricter IT security

As surveys show, many companies have inadequate IT security - that usually means that professionals can access internal company matters and new threats are added every day. It cannot be said often enough: In view of the higher sensitivity of the data, the highest possible level of security must be implemented at the latest when using knowledge management! This must take into account all aspects from organization to software to hardware. The necessary methods are extensively described, for example, in the Information Technology Infrastructure Library (ITIL), in the BSI security manual or other relevant standards. However, some special notes should not be missing here either.

Creation of a secure knowledge space

In contrast to less sensitive data, knowledge as the most important asset in the company needs to be treated separately. Wherever possible, knowledge should be "pooled" in separate safety islands. This includes the storage of the data on specially secured dedicated servers on which no other applications are running, their delimitation by means of a firewall and the use of a virtual (VLAN). The use of specially secured workstations for the knowledge network is also recommended.

Software-based identity and access management

The administration of digital identities for employees, customers and suppliers in an environment of a multitude of platforms, users and applications is a highly complex task. It is not just about assigning passwords and maintaining active directories, but also about a comprehensive software solution for automating the security process with integrated tools. Components of this include single sign-on for simple, user-friendly login, clear password maintenance at a central point, as well as central, automated assignment, implementation and control of user rights. Protection against identity theft as well as clear and graduated regulation of Internet access should also be part of the security concept.

Protection of the networks

The theft of knowledge can be made more difficult by hardware-based precautions; The highest possible security standards are to be aimed for here. This has to be supplemented by software measures: espionage programs, identity changes, the cloning of access points or network worms, to name just a few, must not offer any chance of endangering company knowledge. Complete control of the networks and their use is also required. These external protective measures must be supplemented by measures to protect against internal attacks, whereby these must meet similar requirements as the external defense.

Security awareness and control

In the meantime, many users and administrators have seen increased security awareness, but this is usually not enough to meet the additional increased requirements of knowledge management. Training, newsletters and the like must therefore create a special awareness of IT security in this environment. This must be supplemented by measures for the software-supported automated control of all activities in the network.


Knowledge management makes companies more sensitive to data abuse and, in extreme cases, can threaten their very existence. This is caused by the concentrated accumulation of sensitive data that is accessed in heterogeneous environments via complex network structures. Particular problems arise in large-scale companies due to the increased attractiveness of the data and the increased risk of knowledge theft. The insensitivity to threats to knowledge among users and IT managers as well as the well-known insecurity of networks exacerbate the problem.

In order to still be able to use the great opportunities of knowledge management without worries, careful systematic planning, the right software and the implementation of high security standards must reduce these risks.

Benjamin Benjamin Bedeković is Technical Director of global linxs gmbh ( www.global-linxs.com).

back to content
© SecuMedia-Verlags-GmbH, 55205 Ingelheim (DE),
2005#3, page 52