Building a working knowledge management system for use in a large organization is a complex process that involves countless factors. But the one thing that should be considered above all else is information security. For many companies, the security of information can mean the difference between success and failure. It is obviously a problem when internal communications and intelligence get out into the world, and it can also be bad PR when there is a security breach. Perhaps more important, however, is protecting sensitive data from outside retrieval. The leaking of certain types of information can have catastrophic consequences for both companies and affected individuals.
When creating a knowledge management system, there are a few major concerns to keep in mind, including:
- Users: Who will have access to the information stored in the knowledge management system? Who should not have access?
- Restrictions: Will some users have access to only some of the information? Will anyone have special access to all of the information? Who needs total access, and how can their access be protected?
- External access: Will anyone from outside the organization be given access to the knowledge management system? If so, who and to what extent?
- Consequences: What would be the consequences of a data breach? Could the company get in legal trouble? If so, what safeguards need to be put in place to protect any particularly sensitive information?
Obviously, such concerns are not to be taken lightly, and no knowledge management system that has not addressed these concerns should go live.
The first step is to decide which information should be accessible on the knowledge management system in the first place. For particularly sensitive information, it is important to consider whether it should be placed on servers or into cloud networks that could potentially be hacked. On this point, many companies must be careful to balance accessibility within the company against security concerns. Many company managers are so enamored with their new knowledge systems that they fail to weigh these concerns and end up making available more information than is necessary.
The next step is to consider who should have access to what information. Obviously, the very sensitive information should either not be stored in knowledge management systems at all or be made accessible only to the top people in the organization. Below that, companies must consider whether there will be department-based restrictions, authority-based restrictions, or any other restrictions that would be beneficial to company operations. Of course, some companies that do not handle sensitive information and do not have any intelligence to protect from leaks do not need to give much thought to restrictions.
Once these questions have been properly weighed, it is time to consider what type of authentication system to put in place. There are some novel and highly effective knowledge security resources currently available on the market. Some go well above and beyond the typical username-and-password login interface, using creative tactics designed to keep breaches from happening. Companies that handle lots of sensitive information or that do not want their information shared with competitors should consider some of these higher-level authentication methods.