It is inevitable that as long as there is progress one advance brings with it at least one new problem. To be more accurate it is probably not an entirely new problem but one that has always been there but now becomes a far more significant one.
Usually the new problem generates a whole new industry to cope with it. As an example the advent of networked PCs in office environments created the market for cabling, bridges, network monitors, etc. Companies such as Cisco grew from this opportunity and while there was an established market for supporting cluster and SNA controllers, etc, it was the new companies that dominated.
Security is the latest and biggest new market sector in IT. From the day that interactive terminals were connected to a computer there has been a security problem, but the advent of the Internet has exposed the problem and it is now reaching very large proportions.
In the early days all input to a computer was in batch form, i.e. punched cards. Even the early terminals were connected to a special data preparation system, which fed data to the main computer but did not allow direct access to it. The minicomputer revolution changed all that. Digital lead the way by introducing the PDP-11 with the RSTS operating system (designed for interactive, multi-user scientific applications in the first place) as a small business system. IBM et al were forced to react and the interactive System 36 and 38 usurped the old batch oriented System 3. It simply snowballed from there and interactive terminals became the norm on all systems.
However security problems in that era, while still very important, were constrained to password management as much as anything else. Most systems could be easily broken into because some users learnt that they could store their password under a programmable function key, which any one in the know could press! The first lesson that was learnt from this was that discipline is all important, and still is.
The advent of networked PCs increased the security problem, but not because the PC was intrinsically more vulnerable than a character terminal, but because the same PC could be used for office functions as well as data processing. Thus there was a much bigger and more diverse set of users. This however is an example of how the price is worth paying because the benefits of increased functionality outweigh the cost of security.
However the Internet is a completely different story because now there are uncontrolled external users as well as employees who are potential users. Most Web-based systems are built independent of the main internal systems, using Application Servers to integrate the Web front-end with core systems. But while this provides an isolation between the Internet user and the main systems, the need for communication gateways means that there is a loop hole into other systems that clever hackers can (and do) exploit. It is problems such as a virus in an inoffensive e-mail that corrupts the PC network and therefore interferes with all the internal systems indirectly. Direct or indirect doesn’t matter, it is a problem! Interference with applications is one fear but the possibility of access to the databases is equally worrying.
The other security problem that the Internet creates is due to the basic nature of the service on offer. An interactive C2B e-commerce application must be attractive and easy to use (not that you would know that from the bulk of applications on offer today!) and yet be secure, both from the company and user perspectives. Security and ease of use are conflicting requirements and have always been a problem; the easiest way to have made the old mainframe systems easier to use would have been to turn the security off! There must be compromise in practice. In contrast the internal systems and B2B e-commerce are exposed to a more restricted set of professional users and are somewhat easier to control. Those users will more readily accept constraints imposed by security than Internet users. However there is still no place to hide because while professional misuse is lower in volume than Internet hacking, the magnitude of any single "hack" can be enormous. For years it has been thought that internal users accounted for 75% of computer fraud. Today it is about 50/50 but that is because external fraud has increased, not a reduction in the internal problems.
In summary security is a necessary evil which has to be addressed!
Martin Healey, pioneer development Intel-based computers en c/s-architecture. Director of a number of IT specialist companies and an Emeritus Professor of the University of Wales.
