I take some ribbing now and then for what is perceived as an overzealous focus on security. It probably stems from prior experience where I had to label every paragraph in a document as "top secret", "secret", "confidential", "for official use only", "unclassified" or "not for release". Don't ask my why we actually needed six classification categories.
When I moved onto the business world a bunch of years back, I always thought it would be easier to get information. Was I wrong. As a strategy consultant it was always very difficult to get information from client companies. Talking to friends, its just as hard or even harder within companies. I bet people spend 30% of their time trying to get information, often-times to find out that it's useless.
I think people classify things for four reasons. One, because it deserves it - maybe true for 15% of information. Two, because it's the default mode - no one ever got fired for classifying information. Three, because it validates people's work - if it's classified it must be good. Four, because some people look out for their own self-interest by "owning" information as a power card.
The answer? New ways of thinking and working. Our team has been working to adopt and spread social media tools recently. One example is internal wiki's. They have been great for 360 degree information awareness because they tend to remove the default mode of classifying information.