Using selected references, this paper examines the role of Information Technology in Business with a focus on network security. It does so by examining the impact of Information Technology from the infancy of technology to its influence on how business is conducted today. The paper goes into the details of how some information technology tools actually go about making a difference on business operations. It outlines the connection between the flow of Information Technology and the importance of network security. It also analyzes some of the draw backs involved in the use of IT, with focus on the calamity that may be caused by an unsecure network. The paper concludes by reflecting on the journey that IT and network security has taken; its overall contribution and future influence on business.
The Role of Information Technology in Business
Over the last six decades Information Technology, more commonly referred to as IT, has played an increasingly important role in how Business has been conducted. From its use in the assembly lines of many manufacturing companies to strictly online ecommerce enterprises, Information Technology is a force that has redefined the way business is done. Today, IT has become a crucial factor to be considered when helping companies from all industries maintain a competitive edge in the face of growing global competition and rising customer demands for speed, convenience, quality, and value (Daft, 2008).This paper will examine the evolution of Information Technology, Networks and Information Technology tools, threats to IT in business such as network security issues, and remedies which can be implemented. The Evolution of Information Technology
Computing and Information Technology can be traced back across many centuries. The development of mathematical formulas and theoretical concepts led to the development of tools to help in computation. The first electronic digital computer, ENIAC (Electronic Numerical Integrator and Computer), was developed for the U.S. Army and completed in 1946. Von Neumann, a Princeton mathematics professor, developed the idea further. Von Neumann added the idea of a stored computer program (Mauchly, 2005). The program was a set of instructions stored in the memory of the computer, which the computer obeyed to complete the programmed task. Following this, computers and computer programming evolved rapidly. The move from vacuum tubes to transistors significantly reduced the size and cost of the machines, and increased their reliability. Soon after came the integrated circuit technology, which has reduced the size and cost of computers. Mauchly (2005) states that in the 1960s, the typical computer was a transistor-based machine costing half a million dollars, and needing a large, air-conditioned room and an on-site engineer.
The same computer power now costs $1,000 and sits on a desk. As computers became smaller and cheaper, the devices also became faster; the characteristic being made possible by a single integrated circuit called a chip (Mauchly, 2005). The exponential trend that has gained the greatest public recognition has become known as “Moore’s Law”. This law was credited to Gordon Moore, one of the inventors of integrated circuits, and then Chairman of Intel, because he noted in the mid 1970s that one could squeeze twice as many transistors on an integrated circuit every 24 months (Kurzweil, 2001).
Initially, IT systems in organizations were applied to operations. The initial applications were based on the notion of machine-room efficiency, meaning that current operations could be performed more efficiently with the use of computer technology (Daft, 2008). Daft (2008) further states that the goal was to reduce labor costs by choosing the computer over some manual tasks. The systems became known as transaction processing systems (TPS), which automated the organization’s routine, day-to-day business transactions. A TPS collects data from transactions such as sales, purchases from suppliers, and inventory changes and stores them in a database. For example, at American Airlines, a computerized system keeps track of the millions of transactions such sales, service records, files scheduled and available seats that the company logs each hour.
The systems can provide travel agents, both from the airline and otherwise, with information on seats, enabling agents to provide exceptional customer service. This system is supported by what is called a network. A network is the interconnection of computers and other such devices using wired or wireless (radio wave) technology to share resources. In the article “Evolution of Computer Networking” Taylor (2010) explains that networking computers is a combination of several disciplines namely computer science, telecommunications, computer engineering and information technology.
Networks and Other Information Technology Tools
Some information technology tools used today are combining hardware to form networks, thereby allowing easier access and sharing of information. In addition, businesses make use of tools such as ecommerce, various software packages, web2.0 and even social networks to gain an edge in market share. Networking is the linking together of more than one computer with the purpose of sharing information. A combination of hardware and software is used to achieve this feat. Bain (2009) suggests that the quality of computer equipment is increasing while prices are decreasing, thereby making it possible for more and more networks to be developed. The computers in a network can be in the same building or at separate locations.
For example, a car rental company such as Avis contains a database with information about its vehicles. A network allows an employee in any part of the country to access the database to give customer information about vehicles’ availability in real time. One prevalent form of corporate networking is an intranet, a private, company-wide information systems tool that uses the communication protocols(TCP/IP) and standards of the Internet and the World Wide Web but is accessible only to people within the company (Daft, 2008).To access the intranet one does so via a secure website or VPN. A virtual private network more commonly known as VPN is one that allows for secure transfer of data (communication) over a public network such as the internet. Quite a few systems allows for the construction of virtual networks by the use of encryption, security and tunneling software to make sure that only authorized personnel have access to the network and that data cannot be intercepted. In a publication by Adtran (2001) observes the past the acronym VPN was mainly associated with remote connection service such as POTS (plain old telephone service) network and Frame Relay PVC’s. However today it is more commonly linked to IP-based data connectivity. Adtran(2001) further states that very expensive leasing of lines was put in place to accommodate the services such as Frame Relay and ATM (Asynchronous Transfer Mode) for remote users to have access to the network.
The popular use and easy access of the internet and the capability of mass transferring of data capabilities has allowed companies to “dump” their networks online. E-commerce is part of resources that are on the networks that companies make available online. E-commerce or electronic commerce is the process for allowing the buying and selling of goods over the internet. Customers can make these purchases at anytime, and from any location, providing there is access to a computer. Over the years ecommerce has evolved to the point where practically everything can be bought online from books to clothing items; even ordering pizza can be done via the internet. The buying and selling process integrated by the internet, advanced communication and computer applications have led to the emergence of e-commerce business models, namely B2B (business to business), B2C (business to consumer), and C2C (consumer to consumer). Beal (2009) advocates that all e-commerce sites have the same basic fundamental building blocks that enables them to work regardless of how big or how small a retail Web site is.
The E-commerce process revolves around three general ideas involving the user requesting/submitting an order, the order being processed, further action being taken (approval/denial) and the completion of the order. Microsoft Office 2007, a software package, can be a quick ideal solution to computerize some of the monotonous tasks of a small business that cannot afford a more expensive customized software solution. The package contains Microsoft Word used for document preparation, Microsoft Excel for invoices, Microsoft Access for inventory and Microsoft Outlook for email. All the business records would be stored in one central location; the central location being on the main computer/server once the computers have been networked; for example within a Local Area Network (LAN). LAN is a communications network that interconnects a variety of data communications devices within a small geographic and transmits data at high transfer rates.
On the internet which is a wide area network (WAN) companies are also
tapping into the power of new IT applications such as Web services, group blogs, wikis, and social networking as powerful collaboration tools within organizations (Daft, 2008). The aforementioned second generation Internet technologies are collectively referred to as Web 2.0. Web services are internet protocols that facilitate the exchange of information and business activities online. A blog is defined as a frequent, chronological publication of personal thoughts and Web links. A blog is a running Web log that allows individuals to post opinions and ideas about anything from work projects and processes to weather and dating relationships (Daft, 2008). Blogs were created long before the term was coined, but the trend gained momentum with the introduction of automated published systems, most notably Blogger at blogger.com.
Baker (2005) indicates that blogs are simply the most explosive outbreak in the information world since the Internet itself and are going to shake up just about every business. A wiki is similar to a blog and uses software to create a website that allows people to create, share and edit content through a browser-based interface (Daft, 2008). (Matias, 2003) further advocates that Wikis can be used for a large variety of tasks, from personal note-taking to collaborating online, creating an internal knowledge base, assembling an online community, and managing a traditional website. Brain (2005) observes the uses of Wikis are on the rise because of ease of use and similarity to email and blogs. Wikis provide a very useful service in a simple way (Brain, 2005). A wiki allows a group of people to enter and communally edit bits of text. The bits of text can be viewed and edited by anyone who visits the wiki (Brain, 2005). Social networking also referred to as social media or user generated content, is an extension of blogs and wikis. Social networking sites provide an unprecedented peer-to-peer communication channel where people interact in an online community, sharing personal data and photos, producing and sharing all sorts of information and opinions (Daft, 2008).
Additionally Daft (2008) stresses that work networks on Facebook and Myspace are exploding, and some companies, including Dow Chemical, JP Morgan Chase, and Lockheed Martin, have started their own in-house social networks as a way to facilitate information sharing and collaboration. According to Swearingen (2008), William Baker, a professor of marketing at San Diego State University, surveyed 1,600 executives and found that firms that rely heavily on external social networks scored 24 percent higher on a measure of radical innovation than companies that don’t. Threats to IT in Business such as Unsecure Networks and the Remedies
As previously mentioned businesses make use of tools such as ecommerce, various software packages, web2.0 and even social networks to gain an edge in market share. One common denominator among the tools utilized is networks including local area networks (LAN), intranets and the internet. The success of these tools and the businesses are extremely dependent on network security. Some notable threats to information technology as it relates to business are internal threats caused by employees and external threats caused by hackers and viruses. Personnel Security involves the screening of all employees, not just full time staff but also contractors and consultants, before the individuals are permitted to access the company’s’ network. Some organizations go as far as conducting periodic screening and background checks regularly throughout the employee’s career at the firm. Disgruntled employees and how to deal with them are one of the biggest challenges that face most companies today. Some research has shown that it can take up to four months for IT-administrators to remove or disable former employees’ passwords and access to the network.
Therefore to remedy the direct threat from the disenfranchised personnel, firms need to enforce a rigid provisioning process by either hiring an external vendor or beefing up IT security by making safety measures a central focus. Furthermore, Apple (2009) states that because “people issues” usually trump technology issues, executives need to establish an IT security program that considers the people and the organization’s regulatory environment. Internal threats caused by disgruntled employees cannot be totally eradicated. However it can be greatly reduced by creating a work friendly environment. The firm’s policy also plays a critical role in the Information Technology networks’ exposure to threats. Policies that permit free, clear access to network services increase the risk of external attacks, including those caused by hackers and viruses. Procedures that call for stricter security and center around control or restriction of distributing network information help curtail external attacks. Crowe (2010) attests network administrators go to extreme lengths to ensure the security of the systems.
The administrators put firewalls and routers at all of the vital checkpoints, as means of protecting against unauthorized access (Crowe, 2010). However, Crowe (2010) is adamant that for larger organizations there is a law of diminishing returns for security devices; the more devices in the system, the more challenging it is to make sure that everything is performing uniformly and correctly. From an internal standpoint, firms also need to adapt security technologies ,such as the use of smart cards and employee recognition software since internal employees have more direct access to the system and therefore do more damage. The type and extent of connectivity used by the organization can have an effect on the threats that the enterprise receives. The fact that many companies have vast intranets and rely on the internet for many of the business transactions done by the firms exposes the companies to continued threats, both internally and externally. Kash (2009) purports that security is the major concern when dealing with data sharing and transfer over the internet. Reducing or limiting access to the internet can significantly hinder external attacks, but the risk of internal attacks is always present. The employees on the inside are a major hazard because individuals are capable of accessing the network and storing sensitive information on portable devices. Additionally some workers are allowed to VPN from any location into the company’s network, giving the employee even more unsupervised access to the network. If for example, the computer used by the telecommuting employee was compromised by unwanted personnel, the amount of potential accrued to the company with the information gained by the intruder would be insurmountable.
Network intrusion detection capabilities of the firm are enhanced by having the most updated firewall and antivirus systems. The tools used today are more efficient and provide a higher level of defense against external attacks. Internal employees are more likely to spread viruses via email and/or by bringing the destructive software in via storage media. Once a virus infects one computer on a network, the probability of the remaining devices on that network being infected is reasonably high. Moreover, threats such as phishing target mainly internal employees since they are the ones that can facilitate their intentions. In discussing phishing attacks which target social media Jackson (2009) advocates that social engineering by its nature, is a crafted attack intended to calm a victim’s fear into convincing the individual that a communication is genuine. Even with the best network intrusion detection technology, an organization cannot control human behavior or tendencies, which in most cases are the greatest hazards to the firm’s network IT security.
Information Technology (IT) as has been demonstrated is truly a force to be reckoned with. From the very inception of IT to introduction into business activity a major impact was felt. Workers at assembly lines were replaced by machines, thereby making it imperative for the individuals to learn new skills to compete in the ever changing business environment of IT. The trend continues today as IT usage has not only conquered the business arena but that of everyday living. With each gigantic step in IT none have been more important than the emergence of networks. We make use of networks such as local intranets, cell phone networks and the internet on a daily basis. However depending on how secure these networks are; their security or insecurity can affect our way of life. Some have prophesized that the next world war will be cyber war fare with terrorist hijacking major networks include those that control transportation , electricity and other communication devices. It is imperative that this same technology that’s being developed and improved upon be protected. Businesses and global citizens cannot afford to be victims of Information Technology. References