Security

First Grad School Paper Complete: How Has Security (Physical, Operational, Technical, Etc.) Changed over the past One-Hundred Years?

xan-griffin-eA2t5EvcxU4-unsplash

In this paper, I will share facts and opinions by both myself and industry-leading cybersecurity professionals regarding the changes that information security has undergone in the past one-hundred years, what organizations have accomplished to address new threats, and how the general mindset has changed from past-to-present cyber concerns. The world of physical, operations, and technical security in the modern age is best appreciated by studying the path that science has followed. In many technical situations, changes, fixes, and updates directly proceed errors and issues, creating not only the break/fix environment but learning from past tribulations and forming entirely new protection procedures. Businesses and organizations have now grown to the point of superseding the level of power and influence than many small countries possess; it is this reason that encircling these environments in a multi-layered shield of digital and physical security is paramount to continued business operations, personnel safety, and reduction of data theft and misuse. 

How Has Security (Physical, Operational, Technical, Etc.) Changed over the past One-Hundred Years?

When thinking about the future, it is vital to understand the past. So, in what ways has security shifted and evolved over the past one-hundred years? Since the invention of the lock and key, physical security has undertaken a dramatic revolution to keep up to date with rising security risks. We have come a long way from barring access using only walls, gates, and locked doors; many of these security measures are now fully integrated with modern-day technology. Today, the merging of physical and electronic spaces is happening all over the world, combining the once-separated avenues into an interconnected web of protection and visibility. The term physical security is becoming harder to define, as modern data and analytics allow us to see numerous other sides of the physical security equation, ranging from social engineering to growing cyber threats that originate from inside an organization.

As far as physical security technology goes, R.F.I.D. (radio-frequency identification) badges have become almost a standard feature in larger organizations, providing employees a simple method of validating their site code and individual badge I.D. to gain access to the building. In the past, a simple photo I.D. would be used or even just a key; however, this method offers no real collection of who is entering or leaving at a specific time. If an employee is terminated, the security team can merely disable the individual’s access to the building; with a physical key or I.D., it would be up to the security team (prone to human error) to collect the key or ensure that individual does not be allowed access using the I.D. Duplicating a key, while difficult in the past, can now be achieved at your local Walmart for a few dollars, and faking a photo I.D. can be done by high-school students with a proper printer and laminate machine. Thus, R.F.I.D. chips are an excellent method of controlling access to a location and have had one of the largest impacts on physical security during the past one-hundred years. In addition to R.F.I.D. chips, video surveillance, perimeter security systems (microwave/radio waves), iris recognition, fingerprinting scanning, mobile device protocols, and facial recognition are all technologies that have either been created or upgraded in recent years.

The once wood-frame structures and iron-clad doors of physical security in the 1900s have gone digital, enabling security professionals to construct ‘virtual walls’ with code, firewalls, intrusion detection systems, anti-virus programs, malware scanners, and technologically-superior routers, servers, switches, and modems. As a device is nothing without a skilled technician behind it, the science of cybersecurity erupted in recent years, ushering in a new era of digital ‘anti-warfare.’

With the introduction of the IoT (Internet of Things) and enhanced threats from both internal and external risks, operational security has become an entirely new entity over the past one-hundred years. Organizational security is vital to ensuring the swift and secure communication of data inside a company and to external personnel/locations. With such a vast amount of information passing through servers and employees, the procedures and policies used to govern and secure everything has been required to adapt to the risk of data loss and theft. Many security measures have been introduced just in recent years, such as implementing precise change management processes, restricting access to network devices, giving employees minimal access, implementing dual control, automation of tasks, enhanced incident response, and disaster recovery planning. “Security used to be something that an information technologist or network engineer studied on the side. Now, you see full-fledged cybersecurity experts who must be up to date on all the new and emerging technologies and vulnerabilities” (Hirsch, 2014).

The most significant aspect of modern technology, in my opinion, is the automation of security tasks, eliminating the human requirement. As we all know, humans are prone to making mistakes, allowing their emotions to get the best of them, and are typically motivated by their individual desires. For security in the past, simply bribing a security guard at a location with a substantial dollar amount would allow you access to many locations. No, you will often see technology in the role of the ‘gatekeeper,’ providing high availability and a reduction in inconsistencies.  Phishing attacks in the early ’90s were devastating, as employees were new to the Internet and not educated on proper cyber-etiquette, like spotting malicious or spoofed emails; thankfully, with modern technology, these tasks have been automated through A.I. or scripts, removing the risk-filled human element from the equation entirely. Automation also allows a single security professional to perform the same number of tasks that would take an entire team to administer not too long ago, reducing costs and in the end, producing a higher quality product.

How Have Organizations Changed the Way They Look At, Address, or Handle Security Concerns?

Since the dawn of human creation, we have been a species which has focused on one thing, self-preservation; the caveman did this with building fires to thwart insects and animals and provide heat, kings did this by building castles with moats, and in modern times, while we, for the most part, are protected from  these past-concerns, we need to focus on numerous other threats that didn’t exist before. Today, we utilize a wide variety of security hardware, software, procedures, and policies to ensure that our organizations are protected, whether it is on the physical or digital battlefield.

With the continuously rising level of technology and threats, how exactly have businesses and organizations altered their visibility, actions, and procedures when dealing with security events? Our hardware has undergone many changes, from increasing power, accessing new networks, supporting more users, and protecting against intrusion. We, as a species, have gone from having a computer the size of a room to having one in our pocket with over one million times more memory than the Apollo computer had in RAM (to land a man on the moon). As with everything, with great power comes great risk. Using a cell phone, you can potentially gain access to a company’s I.T. infrastructure by merely getting close to the building using Wi-Fi. In the past, you would have to physically break into the building to steal valuable resources, but with the modern age, all the possessions we deem most valuable are online.

Organizations know and study this as a science. Data, analytics, crime patterns, social engineering, and real-world hacks and bugs are analyzed and built into methods to protect against threats. No longer are we a cybersecurity community of break-fixes, in the modern world, our goal is to completely prevent the future misuse of our data and systems. In 2011, Sony’s PlayStation Network was attacked and breached, compromising more than 77 million personal accounts; at around a $170 million loss. Sony, of course, thought they would be covered by the insurance policy they had; unfortunately, it was decided in court that this would be a painful lesson for Sony and the world to learn, as they were held responsible for the damage.

Companies now focus on utilizing as many safeguards as they can regarding physical, environmental, internal, and external threats. By enforcing strict network policies, using the latest security software and updates, researching best practices and rising trends, creating and testing data backups (both off-site, cloud, and internal locations), and by performing penetration tests on their current safeguards, organizations are endlessly attempting to stay one step ahead of the next threat, attack, or bug.

Discuss the Organizational Concerns a Corporation Has in the 21st Century with a Different Mindset of Security Than in the past and How It Is to Assist with That Organization.

In the 21st century, security professionals must adapt to the modern age of technology using a different security mindset than what was used in the past, by focusing their attention on emerging technologies such as the cloud or A.I. Additionally, with the vast amount of work required and the high-value of risk of protecting a massive corporation, many are making the switch to using an M.S.P (managed service provider). An M.S.P. is merely a company that remotely manages a client’s I.T. systems based on a subscription of services. In the world of I.T., many tasks can be automated, and jobs such as patch updates can be performed remotely; due to this, many larger organizations turn to an outside company to handle their I.T. operations. In my opinion, depending only on an external party to keep your networks and hardware up to date isn’t the greatest option for when disaster strikes; however, when coupled with an in-house I.T. team, this arrangement can be both cost-effective and beneficial.

Modern businesses rely on several outside services to keep up with the competition, such as complex email packages and telecom systems, and I.T. is no different. Everything from security, licenses, network administration, hardware installs, and troubleshooting a company’s issues need to be both performed and checked daily at the minimum; with small to medium-size businesses, these complex and prolonged tasks are often outsourced. Usually, an M.S.P. will handle the time-consuming, repetitive, and complex tasks, while an in-house I.T. team will handle day-to-day operations.

By far, organizations of the 21st century, if not already, need to turn their focus to the cloud. Implementing cloud computing offers many benefits for a company of any size. One of the most significant strengths is increased efficiency since services can be quickly deployed; this reduces the time it takes to perform normal daily operations by a substantial amount, freeing up valuable resources and personnel. Cloud computing also offers enhanced agility when it comes to I.T.-related projects; results are produced faster and are of a higher quality. Cloud storage enables a company to adapt to new business models, as well as strengthen existing ones. Having data stored in the cloud eliminates the need for multiple storage devices on-site; this reduces electricity consumption, lessens the requirement for cooling, and the need for I.T. professionals to install and monitor those devices is gone. Finally, as stated by Jeff Dennis from CloudTech, “Cloud-based solutions allow for patch management with comprehensive scanning to identify missing patches. Deployment is efficient, and you can select a patch management tool that offers reporting capabilities to match your business’ unique requirements” (Dennis, 2018).

Scalability is another area that excels with cloud computing. When a company requires more data storage, instead of purchasing new storage devices, they can easily increase their available resources with their cloud provider. Security is an additional area of cloud computing that will change the way we fight against attacks like ransomware. While having sensitive data on the cloud can seem risky, virtual private clouds, encryption, and API keys help safeguard the data. Finally, having your company’s network accessible on the cloud enables employees and customers to access what they need from practically any internet-connected device. By an organization using the cloud, more funding can be spent on security personnel, equipment, and training.

Artificial Intelligence (A.I.) will be a significant factor in the future of cybersecurity. A.I. can improve our throughput by completing tasks that involve a sizable amount of time in a matter of seconds, as well as shield the data from intrusion. A.I. technology can substitute many jobs that humans currently have, as well as operate faster and free of errors, which makes A.I. a perfect contender for cybercrime prevention. A.I. can also learn and predict real-world risk factors of cybercrime, offering businesses the ability to ‘look’ into the future and take note of ransomware attacks, what social aspects lead to an employee misusing data, and even flag files that have been known to contain malicious content.

The past one-hundred years in security have been eventful, to say the least, with major events ranging from the war in the Middle East to the attacks on 9/11. With the growing security concerns of the 21st century, organizations need to stay ahead of the competition, hackers, and the internal/external risks that come with it. By utilizing cloud storage/computing, A.I., enlisting the assistance of an M.S.P., and analyzing every security event for knowledge of future attacks, technology can be both our best friend, yet worst enemy. Deciding which relationship you wish your organization to have with technology is up to you.

References

Hirsch, M. (2014, October 17). How Has Cybersecurity Changed Operations? Retrieved November 26, 2019, from https://www.securitymagazine.com/articles/85861-how-has-cybersecurity-changed-operations.

Dennis, J. (2018, June 25). Three Unbeatable Security Advantages of Cloud-Based Solutions for Your Business. Retrieved November 26, 2019, from https://www.cloudcomputing-news.net/news/2018/jun/25/three-unbeatable-security-advantages-cloud-based-solutions-your-business/.

Fennelly, L. J. (2017). Effective Physical Security (5th ed.). (pp. 67-84). Cambridge, MA: Elsevier.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s