The economic boom of the 1950’s led enterprises to automate accounting functions to keep up with the accelerating speed of business. Large electro-mechanical devices were installed that used plugboards and plug-in cables, run by experienced technicians who generated punch-cards that stored data and could be reloaded for reporting purposes. The vulnerability was quite high: an experienced technician or operator could simply create their own card to give themselves a raise or bonus and then issue a check through payroll. However tempting that was, the incidence of fraud was surprisingly low. The concept of a user interacting with the system simply did not exist, and security focused primarily on the physical protection of the system.
The 60’s brought the era of time-sharing, real-time processing, online systems, dumb terminals and a family of computers. The security vulnerability of this era was the growth of “the user”. This marked the first time the general enterprise employee was allowed access to computer systems; they could now access data online and even write directly to the system. Further, there was no longer a single point of control in the enterprise. Computers were now in the office without any direct physical guardian.
The microprocessor laid the groundwork for the advent of the personal computer in the 70’s. For many, the computer at home was a novelty with promises for productivity. However, this represented a major milestone, as the general public’s computer literacy was growing. It wasn’t until the 1980’s that the PC reached mass adoption. By 1990, 1 in 5 households had a PC. To put that in perspective, only 1 in 10 had a camcorder*. The use of commercial-grade packaged software also expanded exponentially, furthering the use and utility of PC’s.
The educated population, combined with the mass adoption of the PC and the total interconnection of the 90’s, led to a new level of vulnerabilities not yet experienced in computing. PC’s were connected with each other and with other systems, enterprises, banks, hospitals and government agencies. Now, as the Internet of Things (IoT) hopes to drive even greater connectivity, additional risks will be created at each and every connection point.
Throughout this evolution, how we capture and categorize security elements has changed. The classic framework referred to as CIA (confidentiality, integrity, availability) is no longer adequate in the current age of computing. Six new security elements are now used: availability, utility, integrity, authenticity, confidentiality and possession.
How will the current model need to evolve as we enter the era of hyper-connected devices?
*The Wall Street Journal (1998); Tuning In: Communications technologies historically have had broad appeal for consumers