Industry Corner: The Information Security Marketplace
Hester, Edward D., Gross, Andrew C., Business Economics
Since the dawn of the computer age over four decades ago, many tools have been developed to safeguard equipment and services. Concern has grown steadily regarding electronically stored and transmitted information. Older, conventional devices include locks, alarms, access controls, and closed-circuit television monitors. More recent developments include specific methods such as passwords, encryption systems, electronic firewalls, and complex systems for assuring authorization and preventing electronic shoplifting by insiders and hackers.
Information security became a distinct sector in the late 1960s and the 1970s with the advent of remote access computing, the use of dial-up modems, and the concomitant needs to make quick decisions about allowing or denying access. Then in the 1980s, control of computing power began to shift from information centers and data processing personnel to individual desktop users. In the 1990s, client-server networks and data exchanges abound within and among organizations. In this new "distributed environment," the threat of internal and external security breaches rose dramatically, so safeguarding has become more imperative.
Still, the vast majority of U.S. companies as well as public and nonprofit agencies were slow to incorporate higher level, dedicated security equipment and services until the mid-1990s. The catalyst for the recent move toward heightened awareness has been the rise of public computing networks, specifically the Internet and the World Wide Web (Net/Web) and the proliferation of intranets within organizations. The intraenterprise networks must be linked to a firm's own divisions, suppliers, customers, and others, but within strict limits. As the economy moves closer to the full flowering of electronic commerce, the matter of secure transactions in cyberspace becomes an absolute mandate.
On balance, secularly expanding sectors such as information security are not as directly influenced by general economic conditions as mature, cyclical ones such as automobiles and construction. Nevertheless, macroeconomic forces are still important for the former activities, because they literally create and expand the market base. In the 1990s, the use of computers has been pushed down to the level of small firms, nonprofit groups and households; this would not have been as likely in a recessionary climate. Clearly, sharply falling prices plus more power, speed, and memory for personal computers also played a major role. The long business expansion of the past seven years allowed companies to invest in computer/communication resources. Information technology is finally paying off in increased productivity.
In spite of information overload, most organizations and individuals are clamoring for more. Much of this demand for "surfing the Net/Web" is just that, taking a deeper look at data warehouses, window shopping in the electronic supermarket. But electronic commerce, which means conducting business transactions of all kinds in cyberspace, is gathering force. Banks and other financial service firms are consolidating because of technology (e.g., image transmittal rather than shuffling of actual paper checks). In all such endeavors, proper security measures must be taken to assure authenticity and privacy. This bodes well for vendors of information security hardware, software and services.
According to a recent report by Price Waterhouse, the basic components of information technology security are the "5As plus a C" - authentication, authorization, administration, auditing, accountability, plus cryptography. These facets are designed to foil would-be abusers, in or out of the organization. As of late, European firms have been recognized as setting internationally recognized standards in the field, while in the United States the focus has been on federal government control on encryption, especially the export of cryptographic products. …