Knowledge Protection for Digital Innovations: Integrating Six Perspectives

New ways of combining digital and physical innovations, as well as intensified inter-organizational collaborations, create new challenges to the protection of organizational knowledge. Existing research on knowledge protection is at an early stage and scattered among various research domains. This research-inprogress paper presents a plan for a structured literature review on knowledge protection, integrating the perspectives of the six base domains of knowledge, strategic, risk, intellectual property rights, innovation, and information technology security management. We define knowledge protection as a set of capabilities comprising and enforcing technical, organizational, and legal mechanisms to protect tacit and explicit knowledge necessary to generate or adopt innovations. Introduction In our connected knowledge society, organizations benefit from exchanging knowledge with external parties but have to protect themselves against those that seek to appropriate critical knowledge (Jarvenpaa and Majchrzak 2016). Increased connectivity and current technological trends have shortened digital innovation cycles compared to traditional innovations, which makes innovations more difficult to protect. Digital innovations predominantly rely on innovative ideas and knowledge (Yoo et al. 2012). Due to the tacit nature of knowledge and its boundedness to humans, pure technical approaches cannot provide the needed level of protection Thalmann et.al. / Knowledge Protection for Digital Innovations: Integrating Six Perspectives Proceedings of the 11th Pre-ICIS Workshop on Information Security and Privacy, Dublin, Ireland December 10, 2016 2 (Manhart et al. 2015; Olander et al. 2014). Rather, an integrated perspective that builds on several research fields is needed. The protection of knowledge has so far been considered from different domains (Ahmad et al. 2014; Manhart and Thalmann 2015; Norman 2002): information technology security management, knowledge management, strategic management, risk management and innovation management. These domains tackle the Knowledge Protection (KP) issue from different angles and perspectives. However, the foci of these domains vary considerably. We argue that a comprehensive perspective on KP is needed for the following reasons: (1) Digital innovations become more intangible over time (Amara et al. 2008; Yoo et al. 2012). Knowledge-intensive innovations require different measures for protection (Ahmad et al. 2014). (2) Shorter innovation cycles of digital innovations increase the pressure to collaborate (Schilling 2015). (3) Organizations have to assimilate external knowledge from more dispersed sources on multiple sectors, locations, and cultural settings (Malecki 2010), forcing organizations to collaborate in innovation processes and to produce more complex outputs. (4) The use of social software for collaboration and knowledge management, called social knowledge environments (Pawlowski et al. 2014), creates many opportunities for knowledge sharing and can facilitate innovation processes (Kane et al. 2014). However, the use of social software impose new knowledge risks (Väyrynen et al. 2013). (5) Current trends in society, as well as the popularity of social software, increasingly blur the borders between private and business lives (König et al. 2014). This situation facilitates creativity for innovation processes but also creates additional risks of unwanted knowledge spillovers (Ahmad et al. 2014; Huang et al. 2015). The overall research question is: Thalmann et.al. / Knowledge Protection for Digital Innovations: Integrating Six Perspectives Proceedings of the 11th Pre-ICIS Workshop on Information Security and Privacy, Dublin, Ireland December 10, 2016 3 What is Knowledge Protection and what are its implications for the management of digital innovations? Background In knowledge management, KP is designated as a core strategy (Bloodgood and Salisbury 2001) but has received little attention to date (Manhart and Thalmann 2015). Strategic management literature mainly focuses on knowledge as an organizational asset in dyadic relationships, such as joint ventures or cooperation of large international enterprises, but neglects complex relationships, such as in networks (Hernandez et al. 2015; Pahnke et al. 2015). Risk management studies concentrate on business risks to already established organizational assets yet disregard the threats to emerging innovations (Ilvonen et al. 2015). However, first approaches to assess knowledge risks can be found, i.e. (Thalmann et al. 2014). Studies on IT security management emphasize well-categorized and classified resources and communication channels but underestimate the protection needs of knowledge that is bound to humans and communications supported by social media (Ahmad et al. 2014; Väyrynen et al. 2013). Finally, innovation management research highlights the formal protection of innovation processes by using contractual agreements in large companies (Amara et al. 2008) but rarely focuses on informal measures (Olander et al. 2014). Legal measures to ensure appropriation of IPRs are also well researched; however, measures for smalland medium-sized enterprises, such as patents, are often unaffordable (de Faria and Sofka 2010). All of the reviewed base domains distinguish between tacit and explicit knowledge. Tacit knowledge is embodied in employees and is especially emphasized in knowledge, strategic and innovation management studies, and to some extent, in risk management research. The risk management, IPR and information security literature focuses on explicit knowledge that can be Thalmann et.al. / Knowledge Protection for Digital Innovations: Integrating Six Perspectives Proceedings of the 11th Pre-ICIS Workshop on Information Security and Privacy, Dublin, Ireland December 10, 2016 4 stored in Information Systems. In addition to the tacit and explicit dimensions, the distinction between strategically important knowledge and operationally important knowledge is made. Therefore, strategic, innovation and IPR management studies emphasize strategically important, competitive knowledge, whereas the other domains highlight both strategically and operationally important knowledge or do not make this distinction. Taking the six base domains into account, four major goals are relevant to KP, as follows: (1) protecting against unwanted leakage of knowledge, (2) assuring availability of knowledge, (3) countering unconditional knowledge sharing, and (4) appropriating revenue streams. Thus, KP aims to ensure operational and competitive advantage, and threats to knowledge are regarded as coming from both inside and outside the organization. Nondisclosure agreements for teams, awareness training programs, or interpersonal trust building are measures that stakeholders strive to implement at the individual level. Almost all the base domains focus on protection at the organizational level. The KP frameworks, security policies, and organizational measures are aimed for organization-wide implementation. At the inter-organizational level, behavioral control and trust building are used to reduce opportunistic behavior. Research Plan We plan a structured literature review, which will be conducted by following Webster and Watson (2002) and Schultze (2015). The review will be undertaken in three stages, as follows: (1) identifying the relevant literature, (2) structuring the review, and (3) contributing to theory. In stage (1), we will conduct a full review of the top journals in the general IS and management fields and the top journals in the six base domains identified in the initial review (see Table 1). We will cover the issues over the last ten years since we expect the lion’s share of publications on KP and digital innovations from 2005 until the present time. The selection of journals will be Thalmann et.al. / Knowledge Protection for Digital Innovations: Integrating Six Perspectives Proceedings of the 11th Pre-ICIS Workshop on Information Security and Privacy, Dublin, Ireland December 10, 2016 5 based on their rankings if available (Azar and Brock 2008; Crossan and Apaydin 2010; Serenko and Bontis 2013). We will complement the review with backward and forward searches of highly cited articles (Webster and Watson 2002). To identify potentially relevant papers, we will apply the building-blocks approach (Rowley and Slack 2004), transforming relevant concepts into search statements and extending the statements by using synonyms and related terms. In stage (2), we will supplement the search for papers with the development of a concept matrix (Webster and Watson 2002) that identifies the main elements of analysis. We will adapt the starting elements of the concept matrix from the work of Seidel et al. (2010)), such as “domain,” “research methods,” or “role of IS.” Table 1. Targeted journals IS Senior Scholars’ Basket of Journals: European Journal of Information Management, Information Systems Journal, Information Systems Research, Journal of AIS, Journal of Information Technology, Journal of MIS, Journal of Strategic Information Systems, MIS Quarterly General Management Journals: Management Science, Organization Science, Administrative Science Quarterly, Academy of Management Journal, Academy of Management Review Knowledge Management Strategic Management Risk Management IPR Management Innovation Mgmt. Security Management Journal of Knowledge Management International Journal of Knowledge Management Knowledge Management