Brave new world of communications technology.

THE WORLD IS undergoing vast changes, especially in the development of new technologies. These changes are most evident in the computerized communications systems used by industry and government. Today, the half-life of computer technology is estimated to be a year. This means that before this next year is completed some new technological advance will make a previous one obsolete.

The impact of these changes is felt throughout the economy. More jobs are moving to service industries. In many cases, these new positions involve workers who are performing business functions and operations by developing, processing, storing, manipulating, and communicating information using the new technologies.

A new book, Paradigm Shift: The Promise of Information Technology,(*) describes the fundamental changes in information technology. The authors, Don Tapscott and Art Caston, maintain that these changes include major shifts in the world's economic and political order, which has become more open and volatile. In addition, business is becoming more competitive and dynamic, and organizations are becoming flatter and more market focused.

These shifts, combined with the revolutionary changes in information technology, have brought about a new era where information is more accessible and easier to use. But accessibility has a downside. It complicates the security required to protect computer and telecommunications systems.

In the old information era, the computing and telecommunications model was a characteristically isolated, expensive, host-based system using hard-to-access proprietary architectures. The model had a host computer at the center with terminals and other devices connected to the computer. Applications were designed to meet organizational requirements.

Users of systems based on this model often experienced poor performance and found the systems to be inflexible. These centralized systems required extensive technical support and were frequently difficult to manage.

In contrast, the new information era is experiencing innovative transformations in several fields. These fields include distributed computing, open systems, information forms, and user interfaces.

Distributed computing. Although the old information model allowed terminals, or unintelligent devices, to be connected to the computer, these systems required users to be technically knowledgeable to execute defined applications. In contrast, the distributed environments of the new information model, frequently referred to as client/server computing, include the following:

* Providing appropriate computing power to workers wherever they may be located

* Making software available where it is needed

* Giving access to all data required to accomplish the tasks

Open systems. In the old information model, software was based on proprietary hardware architectures. As a result, organizations were captive to a particular vendor's computer and telecommunications systems. In contrast, the new information model is based on open systems architectures. Here, businesses can mix software from competing vendors.

Information forms. Information may take more than one form: data, text, voice, and image. In the past, the forms of information were separate within their own technology. For example, data was manipulated by data processing systems; text was managed by word processors; telephone systems supported voice; and copying machines handled image requirements.

Under the new information model, a workstation user may work with compound documents that include text, digitized images, and audio, all processed, manipulated, and communicated electronically. In some instances, various parts of compound documents may be stored on different servers distributed throughout the enterprise. In other cases, compound documents may be stored on small, mass-storage devices that may be easily transported from system to system.

User interfaces. The user interfaces in the first information model were mostly unfriendly and based on alphanumeric representations. The new model characteristically implements graphical user interfaces (GUI) that allow users to move a pointer to symbols and simply click to execute various system functions automatically.

THE SECURITY IMPLICATIONS OF THESE TECHNOLOGICAL developments are profound. The model of the new information era allows faster access to more information for more people. It provides them the opportunity to execute more functions with more flexibility in controlling and manipulating that information than ever before. Security of information systems must move from Maginot Line bunker and compliance-driven approaches to providing flexible security based on the value of the information to be protected. The new information era must include fundamental changes in both security technologies and the way organizations implement information systems security.

The safeguards required to protect computer and telecommunications systems, and the associated information, must be risk based. Provable and easy-to-use risk assessment methodologies must be developed to provide a standard baseline for measuring security risks. These risk assessment methodologies should permit users of microcomputers, as well as users of complex distributed networks, to reasonably estimate the security risks. Users must be able to select appropriate safeguards for their respective systems based on realistic cost-benefit analyses.

The risk assessment process should identify security safeguards that can adapt to information systems technology throughout the systems development life cycle. Security safeguards must provide incremental levels of protection and be fully integrated into all aspects of information systems, including hardware, software, applications, database, and communications. Also, safeguards must be based on technologies that automatically select appropriate levels of security based on profiles of the information being processed.

Safeguards must be easy to use and provide a provable level of trust. Security safeguards must uniquely identify and authenticate each user. Additionally, safeguards must be fully auditable and automatically report any attempts to bypass security.

Data owners and users must be able to define levels of protection easily based on the sensitivity and importance of the information being processed. Information must be protected based on its value to the organization. Appropriate safeguards must be capable of protecting information while it is being stored, processed, and communicated. Security technology must be designed to provide increased protection as sensitive information is aggregated. Systems must be able to automatically detect unauthorized use or abuse and provide real-time reporting of security events.

IN MANY CASES, SECURITY DURING THE OLD INFORMATION ERA was compliance driven. Inflexible controls were instituted with a police approach of detection, prevention, and investigation with hardware and software being protected in vault-like environments. Large amounts of information were categorically protected regardless of the value of individual data elements. Organizations frequently relied on a set of rules to dictate how information was to be safeguarded.

In contrast, security in the new information era will have to be fully designed and integrated into the information technologies. Organizational policy should be designed into all aspects of computer and communications systems. Minimum security policies should be incorporated into the systems so they cannot be bypassed. Additional security policies should be implemented so that they can be incrementally selected and audited based on the level of information.

The revolution in information technology requires a similar revolution in providing security for the new information model. On one hand, security must become more technical in its design; at the same time, it must be easier to implement by users throughout the enterprise. Security safeguards must be incorporated in all aspects of information technology to provide seamless protection. The power of technology must be harnessed to provide protection safeguards commensurate with the risks to security that same technology has created.

* Don Tapscott and Art Caston, Paradigm Shift: The New Promise of Information Technology (New York, NY: McGraw-Hill, Inc., 1992).

James R. Wade, CISSP (Certified Information Systems Security Professional), is a program manager for the Information Systems Security Program Office of Battelle Memorial Institute in Columbus, Ohio. He is chairman of the ASIS Standing Committee on Computer Security.
COPYRIGHT 1993 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation:Safe Communications in the 1990s
Author:Wade, James R.
Publication:Security Management
Date:Mar 1, 1993
Words:1222