Trends in IT Industry and Cyber Security
By: Christopher Heishman
Information Technology continues to develop at a rapid pace, spurred on by both the private and public sectors. The cycle is self – feeding. As communications capabilities grow, so does globalization. As the world continues to become more interconnected, the demand for increased communications capabilities grows. In this environment, the IT industry has blossomed exponentially. With it, so have three interrelated trends: increased demand for global IT standardization, a rapid shift to the Internet of Things, and finally, the advent of cloud computing across all segments of the private and public sectors. Research from each of these segments will seek to outline the environment that enabled the rapid growth of the IT industry, draw on conclusions, and assess the future of cloud computing and its relationship with each trend.
Information technology (IT) services and their subsequent security is a rapidly growing and ever evolving industry. Its sweeping range of services encompasses software development and support, computer systems design, development, and implementation, information management, and technical support. Moreover, the critical, and often sensitive nature of the information being developed, transmitted, and stored requires security measures, policies, and procedures that can keep pace with the break-neck speed of IT development. The past several years have seen numerous advances in IT and IT security. Chief among these trends, and discussed herein are the global standardization of IT, the interconnecting of computing devices with everyday life, referred to as the Internet of Things (IoT), and cloud computing technology implementation at both the private and public sectors.
Global Standardization of IT Standards
These trends are indicative of a much larger trend. In much the same way that previous advances in communications capabilities had rapidly increased the rate of globalization, so too has IoT and cloud computing as of late. Indeed, sweeping innovations in the IT industry are providing capabilities at a rate that far surpasses the speed with which individual nation states can regulate and secure their own information networks. This is made evident in the global rash of cyber-based attacks that routinely target national infrastructure to include utilities, medical facilities, and more. In her article, Cyberoperations and International Humanitarian Law, Kosmas Pipyros defines cyber warfare and discusses the wide margin between what is acceptable security and the current existing legal framework. In her findings, Pipyros explains: “the absence of a widely accepted legal framework to regulate jurisdictional issues of cyber warfare and the technical difficulties in identifying, with absolute certainty, the perpetrators of an attack, make the successful tackling of cyber-attacks difficult.” (Pipyros, p. 38) She continues, observing that the ambiguity surrounding cyber-attacks coupled with the sheer openness of the internet render an even more confusing perception of jurisdiction.
Despite the confusion regarding the topic, the United Nations (UN) and the European Union (EU) have worked to effect greater security measures and accountability systems in the hopes that efforts would mitigate cyber-crime and terrorism. Efforts have produced the EU’s Protecting Europe from Large-scale Cyber Attacks and Disruptions: Enhancing Preparedness, Security, and Resilience of 2009, and the Network and Information Security Directive of 2013. The issue is similarly addressed under Article 51 of the UN Charter and in a series of other documents produced by countries such as Estonia, Russia, and Georgia (Pipyros, 2014). Pipyros concludes that although the aforementioned documents represent steps in the right direction, “the international community of states needs something more than bilateral agreements…there is a lack of universal agreements regarding the process [securing cyberspace].” (Pipyros, p. 49)
The Internet of Things (IoT)
Just as nations across the globe are seeking to regulate the internet and secure themselves from cyber-attacks, the IT industry is moving to interconnect an increasing number of computing devices. As broad as the IT field itself, the Internet of things incorporates all forms of internet – based technology – from wearable technology to drones to self-driving cars, and household automatons. As Nolin and Nasrine explain: “The IoT allows people and things to be connected anytime, anyplace, with anything and anyone, ideally using any path/network and any service.” (Nolin and Nasrine, p. 361) With the abundance of advances, however, the IoT also carries with it inherent challenges: security risks, privacy concerns, conflicting software, and even societal impacts to name a few (Hoover, 2017).
Technology’s ascent into the IoT network concept presents the delicate balance between interconnectivity and situational awareness versus effective security controls; convenience versus societal impact and workforce degradation. The United States Military fully embraces the IoT, with each respective branch putting their own flavor into what is described as “an unimaginably large cephapoloidal nervous system armed with the world’s most sophisticated weaponry.” (Tucker, 2017) The Air Force is leading the charge in this respect, seeking to leverage IoT to increase threat awareness in the battlespace. Not to be outdone, the Marine Corps takes this one step further. In April of 2017, the Marine Corps’ Warfighting Lab incorporated satellite and terrestrial – based communications, interconnecting naval vessels, amphibious assault vehicles, airframes, robots, and the individual warfighter himself in a beach assault, sharing threat information, targeting data, and other intelligence feeds (Tucker, 2017).
While the Department of Defense is focusing more on gaining a competitive edge on potential adversaries and remaining ahead of near-peer competition, Federal lawmakers are seeking to advance cybersecurity standards for the IoT. In a statement at a House Oversight and Government Reform Committee meeting, Rep. Will Hurd, R – Texas proposed: “the internet of things presents an opportunity to improve and enhance nearly every aspect of our society, economy and day-to-day lives, but in order for us to be able to fully harness this technology, the internet of things needs to be built with security in mind, not as an afterthought” (Corrigan, 2017). Citing the lack of universal cybersecurity standards for the roughly 8.4 billion IoT devices, the federal government is using their position as the largest consumer in this emerging market to utilize targeted legislation, pushing IT companies to advance more stringent security standards in the pursuit of lucrative government contracts (Corrigan). The second conflict that is shaping the developing IoT trend is that of the price of convenience versus the potential impact on society. Jan Nolin and Nasrine Olson, two Swedish professors from the Swedish School of Library and Information Science, wrote a poignant article delivering a stark warning, advising that the adoption of IoT needs to be heavily scrutinized, as it may carry unintended consequences: loss of occupations traditionally held by skilled labor, deterioration of human instinct in the wake of highly developed device sensors, and loss of human interest in the world around us (Nolin and Olson, 2016).
Cloud Computing Across Sectors and Segments
The final developing trend, the implementation of cloud computing across both the private and public sector, is rapidly changing the information technology landscape. The strongest drivers of this trend are reduced costs, increased accessibility and uptime, and innovation. At the opposing end, cloud computing finds its greatest challenges in consumer fears of over-dependence on the cloud, lack of consumer trust in security measures, and lack of consumer understanding in cloud computing.
Sweeping reduction in costs is the chief driver for both public and private cloud employment. This point is presented most effectively in Maricela Avram’s surmise of cloud execution: “cloud computing represents a convergence of two major trends in information technology – (a) IT efficiency, whereby the power of modern computers is utilized more efficiently through highly scalable hardware and software resources and (b) business agility, whereby IT can be used as a competitive tool through rapid deployment…” (Avram, p. 530). Not only does cloud computing offer reduced costs and increased strategic business alignment, the lower costs lower the bar of entry into the IT industry itself, opening the industry up to smaller firms and even lesser developed nations. The flexible and dynamic nature of cloud computing also allows consumers to pay for the services they use, allocating computing resources more efficiently (Avram, 2013).
This vastly more efficient model is another of the key drivers of cloud employment: greater accessibility and more uptime on the network. For this very reason, the Department of Defense has adopted cloud computing as a model for their own system architectures – more specifically, Microsoft Azure. The shift to cloud computing is a recent one, with the DoD announcing its intentions in October of 2017. Microsoft Azure is slated to play host to a proprietary Secret Cloud, capable of hosting Secret Internet Protocol Router Network (SIPRNet) – the same network employed by the DoD during wartime operations (Konkel, 2017).
As Avram suggests in her article, Advantages and Challenges of Adopting Cloud Computing from an Enterprise Perspective, cloud computing acts as the great equalizer among those in the IT industry, lowering the barriers for small businesses and startups. Additionally, the massive amount of processing power that cloud computing affords to its consumers has enabled applications and services that would never have been possible years prior (Avram, 2013). In an article entitled Cloud Sourcing and Innovation: Slow Train Coming, Leslie Willcocks and associates discuss the topic of innovation in the cloud industry at great length, identifying several factors critical in implementing innovation. Of the factors mentioned, organizational readiness to innovate and the ease of the innovation itself present themselves as most interesting as they are the only items that offer factorial returns on investment. Admiral Richardson, Chief of Naval Operations states it plainly when discussing innovation in cloud computing in relation to warfighting capability: “the rate of progress is not exponential, it’s factorial” (Tucker, 2017).
Although cloud computing offers nearly unlimited potential when intelligently aligned with strategic business goals, it is not without its barriers to success. Of the inhibitions that stand to negatively affect the implementation of cloud computing across the private and public sectors, consumer fears of overdependence upon the cloud is chief among them. As a consumer of cloud services, the customer must understand that all enterprise applications are supplied through the cloud. Indeed, majority of a company’s computing power will be located with the cloud service provider – often physically separated from the users. This new dynamic requires the consumer to have uninterrupted, high-speed internet access and the cloud service provider to be prepared to conduct 24/7 operations. Additionally, the cloud service provider is required to provide continuity of operations planning, incident response and recovery plans. (Avram, 2013)
Fears of cloud dependency tie directly into the second major barrier to cloud adoption: consumer lack of trust in cloud computing and security. Joseph Kwame Adjei, a lecturer at the School of Technology in Ghana, studied the delicate relationship between cloud service providers and national financial institutions in Ghana. The key thread in these often-tenuous relationships was trust. As Adjei states: “trust, by nature, is not transitive, neither is it distributive, nor is it associative. It is not symmetrical.” (Adjei, 2015) Cloud employment is slow in Ghana, as the cloud seems to be an ambiguous, uncontrollable entity, wherein the consumers have little to no say in security implementation. This lack of ownership and control coupled with grave information privacy concerns have greatly stymied the implementation of the cloud. Avram asserts that, “because cloud computing represents a new computing model, there is a great deal of uncertainty about how security at all levels can be achieved. (Avram, p. 533) Security concerns and the unlimited lifespan of personal identity information are a volatile mix that does not engender a great deal of trust. (Adjei, 2015) This lack of trust goes hand in hand with a fundamental lack of understanding in cloud services – a byproduct of the systemic lack of adequate training in cloud provisioning and employment.
Although the underlying concept of cloud computing is not an entirely new idea, its recent implementation has turned the IT industry on its head. Willcocks’ research outlined several points that contribute to the lapse in professional training in cloud computing, chief among them: new service delivery models and the restructuring of the IT industry as a whole. Previously, IT departments rarely aligned with corporate needs. At the organizational level, it was commonplace for the IT department was viewed as ineffective and even ancillary. With the advent of cloud computing, traditional roles of tech support and infrastructure planning still exist, however, cloud computing enables companies to do more with less, thereby placing a premium on fewer personnel of higher quality, more aligned with corporate goals. (Willcocks, 2013) With the IT practitioner becoming more of a player in corporate America, a greater emphasis is thus placed on their training and professional development – without which, cloud employment would be negatively affected.
Despite the series of inhibitions to cloud implementation, cloud employment at all levels of public and private sectors and across all segments is inevitable. Reduced costs to information technology infrastructure will drive initial interest in cloud computing. As businesses continue to adopt the cloud, they will find that their overall effectiveness will multiply. Entities will note that with innovation comes more savings, greater profits, and more opportunities to innovate and maximize on technological gains.
In conclusion, cost reduction, greater accessibility, and innovation will trump consumer concerns of over-dependence, trust, and training. As the public and private sector continues to adopt the cloud model of IT infrastructure, additional gains will be made in the Internet of Things, capitalizing on stronger, more developed cloud architectures, richer services and more powerful applications. Finally, as communications capabilities continue to develop, increased globalization will underscore the demand for international legal frameworks that can more effectively secure cyberspace.
Adjei, J. K. (2015). Explaining the role of trust in cloud computing services. Emerald Group, Vol 17, No 1. 54 – 67.
Alali, F. A., & Yeh, C. (2012). Cloud computing: Overview and risk analysis. Journal of Information Systems, Vol 26, No. 2, 13 – 33.
Bayramusta, M., & Aslihan, N. V. (2016). A fad or future of IT?: A comprehensive literature review on the cloud computing research. International Journal of Information Management, Vol 36, No. 4, 635 – 657.
Corrigan, J. (2017, October 4). Can the government’s buying power create a more secure internet of things?. Retrieved from http://www.nextgov.com/cybersecurity/2017/10/can-governments-buying-power-create-more-secure-internet-things/141534
Hoover’s, A D&B Company. (2017, October 17). Information technology services: Business trends and industry opportunities. Retrieved from http://subscriber.hoovers.com.ezproxy.umuc.edu/H?industry360/trendsAndOpportunities.html?industryId=1119&printPreview=true
Konkel, F. (2017, October 17). Microsoft cloud can now host classified pentagon data. Retrieved from http://www.nextgov.com/cloud-computing/2017/10/microsoft-cloud-can-now-host-classified-pentagon-data/141844
Maricela-Georgiana, A. (2013). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, Vol 12. 529 – 534.
Marston, S., Li, Z., Bandyyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing: The business perspective. Decision Support Systems, Vol 51, No 1. 176 – 189.
Nolin, J., & Olson, N. (2014). The internet of things and convenience. Emerald Group Publishing Company, Vol 26, No 2, 360 – 376.
Pipyros, K., & Mitrou, L. (2016). Cyberoperations and international humanitarian law: A review of the obstacles in applying international law rules in cyber warfare. Information and Computer Security, Vol 24, No. 1, 38 – 52.
Tucker, P. (2017, September 26). The future the US military is constructing: A giant, armed nervous system. Retrieved from http://www.defenseone.com/technology/2017/09/future-us-military-constructing-giant-armed-nervous-system/141303
Willcocks, L. P., Venters, W., &Whitley, E. A. (2013). Cloud sourcing and innovation: slow train coming? Strategic Outsourcing: An International Journal, Vol 6, No 2. 184 – 202.