RESEARCH Imaginatik Research - collective intelligence, idea management & innovation tools and consulting Imaginatik, the Collective Intelligence company, providing innovation and idea management services and software - Let's connect!

Security and Idea Management

There are legal, commercial and human reasons for making security an integral part of the Idea Management process. A well-designed program can reliably generate high value, protected intellectual property, whereas a program designed with security as an after-thought exposes companies to employee discontent and significant financial risk.

There are a number of components to security within an Idea Management program:

Who is Allowed Into the Program - Most organizations control who is allowed to access a program, some of them preferring to keep strategic or ground-breaking events private from the majority of employees.

Who is Allowed to Do What - Most organizations need to give selected individuals special rights within a program to perform activities such as evaluation, reporting or administration.

Who is Allowed to See What - Organizations have either a real or perceived need to restrict access to content (ideas and builds) based on who you are and what role you have in the organization. Most organizations have a reasonably open attitude to the sharing of early stage concepts, although a minority prefer to restrict access to the select few.

What can be Seen by Whom - Companies may have legal reasons for restricting access to specific ideas or groups of ideas. Global patent rights may be threatened if ideas are inadvertently shared on a corporate intranet. Some ideas may cause organizational conflict and so should be hidden from public viewing (for example, the classic employee complaint of "Save money by selling the corporate jet").

What Audit Controls Need to Exist - It is not enough to have security, companies need to audit and track how people create and use potentially valuable content. Tracking requirements extend from basic time-, date- and name-stamping of documents, to recording how people read and interact with potential trade secrets. Security is therefore a lot more complicated than password protection and recording the name of the idea author. Security considerations permeate throughout a program, in policies and guidelines as well as in system functionality.

The old-fashioned suggestion box used physical security, with padlocks protecting the box from unauthorized access. These boxes only allowed the submission of ideas, making it impossible for others to read previously submitted ideas. This view of security has many negative implications. Idea sharing and collaboration is an essential component to Idea Management, as peer contributions help to turn seed ideas into high value concepts. A small number of companies have persisted with this approach with web-based programs, hiding all ideas from employees. Usually the rationale is bizarrely - yet logically - derived from their specific approach to rewards: employees get significant amounts of money for their ideas, sometimes a fixed amount per idea, and therefore some people cheat by copying and resubmitting other people's ideas. The risk of cheating is so high that the organization feels impelled to hide ideas from everyone, thus restricting the business value of the program, and ironically dooming the program to failure through lack of idea sharing.

Web-based systems usually have some form of 'physical' security through password controls and restricted access to functionality and data. The most secure systems are perceived to be internally hosted systems, using installed commercial software or internally built applications. These systems usually comply with all corporate guidelines for security. However, many lack the in-depth security features mentioned above, regarding the control of who sees what and when.

There are a small number of vendors, including Imaginatik, that provide externally hosted systems, using the Internet to provide connectivity. With over 65% of customers hosted, Imaginatik has found that past concerns of Internet security have been largely overcome by providing several options for secure hosting. For example, clients working with high value intellectual property tend to use dedicated servers (i.e. only one customer per server) connecting through a VPN connection (i.e. private 'tunnel' through the Internet), sometimes combined with a single-sign on connection (i.e. connection to the pre-existing log-in information) to the client themselves.

The protection of intellectual property is a fundamental issue for Idea Management programs. Many companies have made significant investment in patent portfolios, often with dramatic results. IBM, for example, generated over $1bn in patent-related licensing fees in 2002. The rate of patent submission has become a surrogate for innovation activity for several firms, mistakenly in our view. Although patents afford some form of protection for intellectual property, they are expensive to acquire and maintain (think $50,000 - $200,000 for worldwide patent rights), they are not 100% safe, and they often de-focus firms from the real objective of extracting value from the inventions. Idea Management systems support patent activities through safe recording of date of inception, and maintaining a record of inventors and potential co-inventors. Systems like Idea Central extend this concept to the tricky area of anonymous idea submission. Ideas can be saved anonymously but the names are securely stored so that an administrator with special 'internal audit' permission can view the author name. Patents cannot be filed anonymously!

Trade secrets offer another form of protection of intellectual property that needs to be managed. Patents become public domain documents in some jurisdictions, such as the United States. It is possible, for instance, to view both Provisional and Granted Patents on the US Patent Office web site. Trade secrets, however, are not published and the organization has an obligation to maintain tight control over who sees what. The best-known example is the formulation to Coca-Cola - few know the secret. Idea Management systems can support trade secrets through restricting access to content, and by tracking who views the content, functionality supported by the Tracker Module of Idea Central for example.

The risk of poor security can be considerable. A new marketing campaign may be accidentally leaked to all employees before trademarks are filed. A new chemical process is shared across a global organization, potentially preventing the application for a worldwide patent. One supplier starts seeing other suppliers' ideas, and a long-standing relationship is damaged. The risks can be financial and of a significant size.

Security is a serious issue for companies that have high expectations for their program. If you expect the program to generate million-dollar revenue opportunities, it is definitely worthwhile spending effort to ensure adequate protection. There will always be companies with little ambition for their programs, and they will continue to focus on low value cost reductions and process improvements. These programs pose fewer security problems as no one is looking for the next big idea. However, these organizations still need some form of control, even if it is just to give the reviewers a chance to evaluate ideas in private.

Security is a complex, yet essential part of the Idea Management process. Organizations who wish to manage risk, protect valuable intellectual property, and efficiently manage the overall process, should invest in a system that covers both basic and advanced requirements to mitigate risk and maximize the opportunities for success.

If you have any ideas, feedback, or concepts you would like to share, please contact research@imaginatik.com.

Reference: Security and Idea Management - RN-0104-1