KM in this chapter refers to processes and mechanisms of creating and sharing knowledge. KM can be defined as “the systematic and organizationally specified process for acquiring, organising and communicating knowledge of employees so that other employees may make use of it to be more effective and productive in their work” (Hahn and Subramani, 2000). There is extensive literature on KM processes including Fernandez and Sabherwal (2010), Awad and Ghaziri (2004), Dakilir (2011). Based on those literatures, these processes as shown in Figure 1 include:

• Discovering: The process of finding where the knowledge resides.

• Gathering: Knowledge gathering is alternatively used to explain the capturing. Fernandez and Sabherwal (2010) define capturing as the process of obtaining knowledge from the tacit (individuals) and explicit (such as manuals) sources.

• Filtering: The process of minimizing the knowledge gathered by rejecting the redundancy. That can be done by individuals or software agents (Dakilir, 2011).

• Organizing: The process of rearranging and composing the knowledge so that it can be easily retrieved and used to take decisions (Awad and Ghaziri, 2004).

• Sharing: It is the way of transferring knowledge between individuals and groups (Awad and Ghaziri, 2004). Fernandez and Sabherwal (2010) define knowledge sharing as “the process through which explicit or tacit knowledge is communicated to other individuals.”

In our model, we consider these processes as the functions to be implemented by people to create and share knowledge. Later in section 4, we show how we model what is called knowledge activities according to these functions.

2.2 Social networks in business environment

Social interaction has been mentioned by many authors as one of the factors for successful KM systems.

Businesses and organizations in the era of globalization become more dependent on each other. That is interpreted into collaboration where exchange of knowledge is a key factor to participate and collaborate. This collaboration is an interaction between individuals either within the business itself or between businesses. This interaction happens through what is called social networks. In the context of business, these networks are the business networks (Qureshi, 2006).

Networks support the organization to access knowledge, resources, technologies, and markets. Researchers argue that the most important benefit of social networks is approaching new sources of knowledge (Chatti, 2012). These social interactions should be supported in these environments (Fischer and Ostwald, 2001).

In our research, we propose a model to manage gathering, creating, organizing, and sharing the knowledge between business networks within the complex business networks environment. The research sees knowledge sharing as predominantly a socio-technical issue. From the point view of privacy, we show what strategies for controlling privacy between these networks.

2.3 Technology as KM enabler

Technology in KM should be considered as a tool to support people to implement knowledge processes and activities. However, technology should not be a replacement to human factor.

Many literatures and researches consider technology as a critical success factor in supporting KM systems. These papers include Wong (2005), Moffett et al. (2003), Luo and Lee (2013), Alazmi and Zairi (2003), Davenport et al. (1998), and Rasmussen and Nielsen (2011).

Many authors also report that the approaches followed to use technology as KM driver is not adequate. That is because KM systems are treated in the same way as information systems in terms of design and implementation. Nunes et al. (2006) observe from the interviews that ICT presence and implementation does not mean that knowledge is shared effectively throughout the firm. Fischer and Ostwald (2001) report that technology alone is not adequate to solve the issue of KM.

Limitations of the technology in supporting KM can be summarized as following:

1. Technology does not serve more than the storage of information (Currie and Maire, 2004; Nunes et al., 2006; Birkinshaw, 2001).

2. Limitation to knowledge types. IT systems operate as storages for explicit knowledge more than tacit type (Nunes et al., 2006; Birkinshaw, 2001)

3. Overlooking the “social interaction” phenomena when introducing IT for KM. Considering this sort of limitation is crucial as the social interaction is a main mechanism in knowledge sharing and transferring activities (Birkinshaw, 2001).

Our approach in designing the model is considering technology as a supporter and enabler to the KM. Technology is to be employed to manage and support the social interaction between individuals and groups in business networks rather than substitute them.

2.4 Security and privacy in KM context

Knowledge as an intellectual asset must be protected. Business secrets should be highly protected for not to be captured by the other competitors. In this case, an access control mechanisms should be implemented to provide this sort of protection (Bertino et al., 2006). These mechanisms suppose to control the access of knowledge when sharing and transferring processes take place. Knowledge creator or owner specifies who should be permitted to access this knowledge (Bertino et al., 2006; Muniraman et al., 2007).

Control access procedures should be easy and user friendly. As mentioned by Muniraman et al. (2007) that the system should not have much restrictions so users do not refuse to use the system. In other words, there should be a balance between privacy and accessibility. Knowledge is to be accessed only by authorized people, and those authorized are supposed to access knowledge easily when they need it.

It is known that knowledge is either in explicit or tacit form. Also, and as mentioned previously, that tacit knowledge presents the most of knowledge. In context of information systems, usually security and privacy techniques and procedures focus on how to control accessing the information storage artifacts. Tacit component of knowledge should be considered in designing privacy and security procedures and policies. Policies in organization must be implemented to control accessing knowledge and experts, and what kind of knowledge should be transferred and to whom.

As our choice for the infrastructure in implementing our model is the cloud technology, in Section 3 we present cloud computing overview and explain the issue of privacy and security. Then, we present the idea of our model and what are the strategies to be followed to implement privacy procedures and policies.

The idea behind cloud computing is that the local computer does not deal with running the applications. Instead, the powerful remotely accessed computers and servers are dealing with this job (Strickland, 2008).

Marston et al. (2011) define cloud computing as “an information technology service model where computing services, both hardware and software, are delivered on-demand to customers over a network in a self-service fashion, independent of device and location.”

Accessing of cloud computers, network, and services is done through interface software that runs in the local computer. The simple example of that is the Web browser. Cloud computing is not a new idea as it has been implemented through remotely accessed applications such as Yahoo, Gmail, and Hotmail. Simply the cloud computing architecture can be defined through two parts, the front end and the back end. The front end represents the client that accesses the cloud via interface software, and the back end represents the cloud where the servers, data centers, and powerful computing machines reside. Here, the virtualization can be implemented to reduce the need of hardware machines (Strickland, 2008).

Features of cloud computing (Strickland, 2008) can be summarized as follows:

1. Accessibility: accessing applications anytime from any place.

2. On demand self-service: refers to the availability of service along time.

3. Scalability: it is the ability to quickly and automatically to scale out or to scale in.

4. Cost reduction: reducing hardware needs in client side, either for computing or storage. That reduces onsite infrastructure costs.

Three main layers of services represent cloud computing technology. These layers are (Furht, 2010) as follows:

1. Infrastructure as a Service (IaaS): This refers to the hardware component of cloud. It includes the virtualized computers and the storage accessed by them. These computers should have a guaranteed processing power.

2. Platform as a Service (PaaS): This layer is considered as development environment for developers. It contains the operating system and may contain Integrated Development Environment.

3. Software as a Service (SaaS): It is shown as the top layer. It represents those services accessed remotely by the users to utilize and to make use of the platform and infrastructure.

The aim of our model is to implement services on cloud to support KM activities between business networks. These services are supposed to use cloud as infrastructure and to be implemented as SaaS on this infrastructure.

There are three types of cloud computing that can be described as follows (Furht, 2010):

1. Public cloud: Cloud computing resources are accessed through the Internet. It is called an external cloud as well.

2. Private cloud: It is also called internal cloud. It is the cloud computing on private network. In this type, the customer is provided with the full control on data and security.

3. Hybrid cloud: This type combines the public and private clouds.

Figure 2 illustrates the three types of cloud computing as derived from Furht (2010).

In terms of privacy and security, businesses have the choice to run their services either on public cloud, private cloud, or using both. That depends on the nature of business and the level of knowledge and information sensitivity within the firm.

3.2 Knowledge as a service

Based on the concept of services layers, KaaS and KMaaS have been emerged. The research about these concepts addresses how to benefit from the cloud technology to support KM.

Shouhuai and Weining (2005) present their framework to illustrate the KaaS paradigm as in Figure 3. The framework shows the main participants in KaaS. They are the data owners, service providers, and knowledge consumers. Data owners are provided with data produced through their transactions. Knowledge consumers extract knowledge from these datasets through services provided by the service provider. These services are provided by implemented algorithms to support knowledge extraction. In this framework, the Kaas can be described as the knowledge extracted from the owner's datasets by consumers through services upon the request of the consumer.

Lai et al. (2012) describe KaaS as the service provided by cloud to support the interprocess among the members in the collaborative knowledge network. In this research, authors derived another definition for KaaS. This definition states that KaaS is “the process in which a knowledge service provider, via a knowledge server, answers information requests submitted by some knowledge consumers.”

The study of Lai et al. (2012) introduces a KaaS model that supports medical services in China. The model is to build services via cloud to facilitate knowledge flow between the hospitals and Bio-ART center. Bio-ART center is an advanced radiology center that forward the treatments and reports to the hospitals. Hospitals may forward these tests and results to external consultants to give their opinions about these tests and treatments back to hospitals and Bio-ART. This knowledge flow is provided through cloud services to share the knowledge among the network.

Although these models have been suggested for KaaS, but it is still information storage oriented. These models treat knowledge from the aspect of query and retrieve as in information systems and databases.

3.3 Privacy and security issue in cloud computing

Privacy is one of the human rights. Controlling information owned by people is one type of privacy (Muniraman et al., 2007). Types of information need to be protected as mentioned by Muniraman et al. (2007) include:

• Personal identifiable information: Refers to the personal information used to identify people such as their names, addresses, and birth dates.

• Sensitive information: Any information considered as private. Example of that includes information about religion, race, and surveillance camera videos and images.

• Usage data: The information about habits and devices used through a computer. That includes the information about habits and interests observed through the history of Internet usage, for example.

Privacy and security is one of the main challenges in cloud computing environment. Understanding this issue is an important step to implement privacy and security solutions for cloud services and applications when needed (Chatti, 2012; Muniraman et al., 2007).

Pearson (2009) list the key privacy requirements for privacy solutions in cloud. These requirements are:

1. Transparency: Anyone who wants to collect information about users should tell what he wants to collect. Also, users should be told about what this information is to be used for. At the same time, they should be given the choice if they want this information to be used by others or not.

2. Minimization: Only the needed information is collected and shared.

3. Accessibility: Users or clients must be given access to their information to check its accuracy.

4. Security provision: Security should be implemented to safeguard unauthorized access of users from accessing the private information.

5. Limitation of usage: Information should only be limited to the purpose of use.

From the aspect of KM and KM systems, one of the main private assets is the knowledge itself, either if it is tacit or explicit, is owned by an individual, business, or organization. That is in addition to the other information about users, groups, and relationships between them.

In designing such systems, privacy and security mechanisms and policy should be well defined and implemented. In the last section, we provide more explanation about how to support privacy and security in our model based on a real scenario.

4.1 Modeling knowledge organizations and groups

One important aspect here is to define groups that manage knowledge activities and take responsibility for assigning them to roles and maintaining privacy.

In our model, we introduce what is called knowledge groups and knowledge organizations based on LST (Miller, 1971; Miller, 1972) concepts. By definition of LST, the group is a set of individuals and organization is a set of groups.

As shown in Figure 4, the member of a group is any individual (user) that is assigned to one role or more within the group. This individual can be assigned to different roles in different groups. The role here is a number of tasks and responsibilities implemented by an individual(s) in the group.

We also here introduce what is called knowledge organization (KO). This organization contains the groups, groups of groups. The boundary of KO is defined by the knowledge requirements related to a specific knowledge project. For example, gathering for the market and subject material to establish a new course subject in a college or faculty. Figure 4 illustrates the concept of organization, group, and member in our model context.

4.2 Modeling knowledge activities and allocations

Based on knowledge functions presented in Section 1, our idea of modeling KM activities is presented in Ali et al. (2014). KM activity by our definition is applying what is called the knowledge function on the knowledge element. Formally, there may be any number of knowledge elements, for example, sales, purchases, proposals, and so on. So we might define a knowledge element as K(sale) or K(purchase).

Knowledge functions are the KM processes defined in Section 1 which include discovery, capturing, filtering, …, etc. Each knowledge element is supposed to go through all the functions by default.

We use the notation discover(K(sale)), capture(K(sale)), discover(K(purchase)). We call these as KM activities.

A KM activity is a knowledge processing function applied to a knowledge element. These activities are allocated to what is called knowledge organizations and groups defined previously.

One of the goals of our model is to provide choices for changing allocations as systems evolve. The goal is to provide the flexibility to reconfigure the requirements as needed.

Allocations are at two levels, allocation of the knowledge activity to the group, followed by the allocation of action tasks to roles in the group. Here, we illustrate two examples of knowledge elements allocation.

Choices of allocating knowledge elements that are possible (Ali et al., 2014):

• Type 1 Allocation (KM function specialists)—Allocate all activities of the same KM function to one group.

• Type 2 Allocation (knowledge element specialists)—Allocate all knowledge processing activities on the same knowledge element to one organization. The organization then distributes the different knowledge processing activities to different groups.

• Type 3—Each functional unit has its own knowledge processing organization or group.

• Type 4—Totally open (hybrid).

In Figure 5, we illustrate an example of the network of Type 2 Allocation.

The organization is defined as a number of groups. Each group in the specific organization implements one or more of KM processes.

In the organization level, a coordinator role has been suggested to coordinate between the groups in the same organization for collaboration and knowledge sharing. The other main task of the coordinator is to manage these groups by creating and resigning them.

The services to be implemented on cloud should provide the following functions in terms of allocations:

• Creating and resigning organizations, groups, roles, and user accounts.

• Allocating groups to organizations.

• Allocating roles to groups.

• Allocating KM activities to roles and groups.

Privacy approaches should control who joins these groups and organizations, who accesses knowledge created by specific group or individual, and who can share it with others (Box 2).

Box 2

Children Hospital and Bags Factory Scenario (Organizations, Groups, and Allocations):

The empathy activity in design thinking model (Tschimmel, 2012) is the step where the designer takes the dimensions of the product by investigating the user or even those who somehow have a relation with the user himself. In our scenario, the users of product are mainly are the kids who will use these bags. In empathy activity nurses, doctors, and parents can be involved to get more empathy knowledge. Marketing department in the factory may be involved in this activity as well. In empathy activity, the designer collects as much knowledge as he can about what the user needs in relation to the product to be produced.

To define knowledge activities:

Knowledge elements: bag color, bag weight, health concerns

These are the elements that knowledge is to be gathered about.

Knowledge management functions: discover, create, organize

Knowledge management activities: discover (bag color), discover (bag weight), discover (health concerns), create (bag color), create (bag weight), create (health concerns), organize (bag color), organize (bag weight), organize (health concerns).

These activities are to be assigned to the roles and users within the groups as following:

• Empathy Knowledge Organization “EKO” is created.

• This organization contains two groups: empathy knowledge group “Empathy-k” and collaborative team group “C-Team.”

• Roles are to be created into these groups.

• Emapathy-K roles are kid, nurse, carer, doctor, marketing person, Empathy-k-organizer.

• “Emapthy-K-organizer” role in “Emapthy-k” group organizes the knowledge created in this group.

• C-Team group roles: team-member, Empathy-k-organizer

• The “team-member” role task is to make sense about the knowledge created in “Empathy-k” group.

• “Empathy-k-organizer” in C-Team group organizes knowledge created by team members in this group.

• Hospital and factory managers assigned to admin role in the knowledge organization “EKO.” That allows them to manage and modify the organization as needed.

Figure 6 shows how the activities are assigned to groups, roles, and users.