The Integrity-Availability Connection
We've all experienced it: You're trying to solve a problem when someone casually mentions, "Oh, we already fixed that last year." Where's the documentation? "It's in my email somewhere." Or worse: "We discussed it in a meeting with the previous team lead."
The CIA Triad's forgotten relationship: How availability directly impacts data integrity
This isn't just annoying—it's a fundamental breakdown of the Availability principle in the CIA triad that directly creates Integrity failures. When information that should be available to authorized users is instead trapped in personal storage, email threads, and undocumented meetings, the organization loses its ability to maintain data integrity across time and teams.
When New Work Is Built On Incomplete Knowledge
Information hiding doesn't just waste time—it actively corrupts the integrity of new work. When people make decisions without access to critical context and previous work, they:
- Create conflicting implementations that don't align with existing systems
- Make redundant solutions that waste resources and create maintenance issues
- Implement contradictory policies that create compliance risks
- Establish incompatible processes that can't integrate with existing workflows
- Generate inconsistent data that undermines reporting and analysis
In each case, the integrity of organizational knowledge and systems is directly compromised because of an availability failure. People aren't working with bad information—they're working with incomplete information.
The Clark-Wilson Model: Maintaining integrity requires access to complete information
Real-World Information Hiding Disasters
The Invisible Architecture Decision
An architectural decision to standardize on specific cloud services was made in a leadership call with no documentation. Six months later, a new team implemented a solution using incompatible technologies, creating a fragmented architecture that required costly remediation. No one had told them about the standard—it only existed in the memories of those on the original call.
Integrity Impact: Fragmented systems with incompatible architectures that couldn't be integrated without significant rework
The Email Thread Knowledge Base
Critical customer requirements were discussed and refined solely through email exchanges between a product manager and three key stakeholders. When the product manager left the company, the development team built features based on incomplete documentation. The resulting product failed to meet actual customer needs because key details were locked in an email archive no one could access.
Integrity Impact: Product features built on partial requirements that didn't meet actual customer needs
The Personal OneDrive Documentation
A security engineer documented detailed configuration requirements in Word documents kept on his personal OneDrive. He shared links with specific people when asked but maintained control of the master documents. When he changed roles, his replacement inherited systems with no documentation. Security configurations gradually drifted from requirements because no one knew what they should be.
Integrity Impact: Security configurations that slowly degraded due to lack of available documentation
Breaking the Information Hoarding Cycle
To stop this integrity-destroying information hoarding, organizations need to implement structured availability practices:
- No Decisions Without Documentation: Establish a rule that decisions aren't final until documented in a shared, accessible location
- End Email Knowledge Bases: Set a policy that substantive information in emails must be transferred to proper documentation systems
- Eliminate Personal Storage for Business Information: Prohibit the use of personal accounts for storing work information
- Default Open Access Policies: Make information available to all employees by default, restricting only when there's a specific reason
- Create Official Knowledge Repositories: Establish clear, well-structured systems where information should live
- Regular Knowledge Audits: Systematically look for "dark knowledge" that exists only in restricted locations and bring it into the light
The most effective solution is cultural: make documentation and knowledge sharing part of everyone's job, not an afterthought. Information that authorized employees can't find might as well not exist—and the organization will pay the integrity price.
Information Needs to Flow to Those Who Need It
Every time someone hides information in personal storage, restricted channels, or undocumented meetings, they're creating future integrity problems. They're ensuring that decisions will be made with incomplete information, systems will be built without important context, and work will be duplicated unnecessarily.
Information availability isn't just about system uptime—it's about ensuring organizational knowledge flows to everyone who legitimately needs it to do their jobs. Without this flow, data integrity inevitably suffers as people work in the dark.
Remember: The best security policy in the world is worthless if it's stored in someone's personal email. The most brilliant architecture decision is useless if it's only shared in a meeting with no minutes. And the most carefully crafted standard is pointless if it's hidden in a SharePoint site no one can access.
Stop information hoarding—your data integrity depends on it.