As an abstract notion, there are difficulties when trying to communicate the idea of information management, especially digital information. As something that cannot always been seen or touched, but whose presence is felt one technique is to model by analogy to something other, something more concrete, visible and tangible.

   That is the reason I choose to compare information to water. Unconsciously, we do this anyway, the clues to the representation of one with another happens in the vocabulary engineers use to describe information (and its bit representative cousin, data).

   Information is either in use, in storage or in transit. Engineers describe stores and data lakes, they talk of information being distributed via channels and networks and information transmission has velocity.

   When mishandled, information leaks and breaches abound, and its meaning can be converted to other forms, the meaning becoming either collected or diluted. Thinking about information as being akin to water also allows for other ways to enhance thinking about the nature of information as a raw material or resource, one that is to be guarded and kept free from pollution.

Information Turbulence

   Under conditions of low flow water moves in laminar fashion, the layers of moving over the top of one another in smooth, predictable fashion. At higher velocity, due to the friction forces exerted on it, that flow becomes turbulent, causing local eddies and pools, and becomes difficult to predict or manage. Data and information at speed does likewise, decreasing sample intervals and increase of noise from multiple attenuated signals make predictability an exponentially increasing task. If you are of the opinion that artificial intelligence can accurately predict the real world with any great accuracy try viewing stock market movements.

   The key to accurate insights is to reduce the turbulence of the flow by throttling its speed, and by keeping information sources separate until required. Examples of this behaviour in action include filtered and staged loading from ‘big data’ sources and judicious use of additional sources for prediction. Predicting from models can make productive use of data and information, but complex multidimensional datasets and processing rules generally produce noisy and confused analysis that can confound the business purpose.

Storage Thinking   

  In an knowledge engineering sense information can be very powerful, a stored resource that can be used to create new dynamic insights and content. The power of information is arguably not only in storing it but in channelling, diverting it correctly and knowing where the stopcock is when things go wrong.

   If you choose to store your information in a large lake, be sure to check that the inflow and outflow channels are secure. Members of the public are constantly surprised and alarmed by the size of data breaches and their exposure to potential risks, but the growing presence of large reservoirs of data will only increase the size of exposure.

   As well as maintaining a watertight security handle on the comings and goings of data, CIOs need to see how much of the data that has been collected is a) actually used, b) how much of it is necessary to the running of the services and contracts, and c) how much is potentially in reserve, and what the uses of it might be.

   Knowing your access, throughput and consumption patterns should flag up problems with exfiltration and unusual movement of data. Cloud based monitoring tools can assist with this task.

Security Thinking

   Cybersecurity thinking originated in the martial model of information as a weapon to be used, a resource to be hoarded and fought over. Data protection was, and still is seen as being the province of computer engineers, but the use and protection of information as water supplies is the province and concern of all users.

   Security can never be fully complete, and information needs to be protected from the relevant attack vectors with the precision use of protective boundaries. Rather than trying to defend a perimeter against all, protection should also consist of direct protection methods applied to both the channels and communities that depend upon it.

   Tagged data sources, classified according to quality, content and sensitivity can be appropriately handled in channels according to the need for protection. This could vary from strong encryption of very sensitive supply to lower grade anonymisation and pseudonymisation of shared sources, to editing and amendment lineage to prevent the pollution (intended or unintended) of all sources.


   Thinking by analogy and utilising many of the terms that already exist in the language we use to describe abstract concepts can assist practitioners to visualise and conceptualise creative and innovative solutions to the problems posed by managing intangible assets.

   Reasoning by analogy can assist in simplifying and communicating difficult concepts, although there are always limits to the analogies we use. By building out from creative thinking we also create new viewpoints, find new analogies, or else are better able to see the problems away from the turbulence of the everyday.

I’m Speaking

I’m proud to be presenting to the first conference on Behavioural and Social Sciences in Security, from 10-12 July 2018 on the subject of Information Flow and Trust Formation #BASS18