Balancing the “Need to Know” with the “Need to Share”
The “Need to Know” security principle manifests itself in enterprise and information architectures, business policies, and business cultures. When designing information systems in the aerospace industry, priority has historically been given first to securing information by limiting access to it, and only secondarily to sharing that information for increased business benefit. In the last decade, though, aerospace’s largest customer, the US Government, has recognized the importance of sharing information early, and has tried to balance security needs with costs and benefits: it has moved from a primary stance of “Need to Know” to a primary stance of “Need to Share” even while battling increasing cyber threats. This presentation describes the aerospace and defense industry’s approach to achieving that balance, the difficult choices made, and the rationales behind them. Attendees will learn:
- The tradeoffs, and the risks to consider
- Why codification beats personalization as a knowledge management strategy
- The implications for information architecture
The nature of the aerospace industry requires protection of information that is facilitated by a siloed environment: difficult to penetrate, with common authentication but separate authorization mechanisms that are complex and expensive to reconcile. Moving from “Need to Know” to “Need to Share” represents a significant strategic shift in information management, and while security concerns are still paramount, there is wide recognition that the overall benefit of information sharing clearly outweighs the cost of continuing to compartmentalize information. That balance, though, is extremely difficult to achieve, requiring many tradeoffs to be considered. We discuss those tradeoffs, and how architecture choices impact and reflect this balance.