Information Security History
This exhibit gives a history of the evolution of users, key technologies, threats, concerns, and security techniques in information security since 1960. Click on the links in the pre-web computing (1960s-'90s), open web (1990s-2000s), and mobile and cloud (2000s-future) sections. What were the threats and concerns of each time period? How did security technology or techniques develop in response to those threats?
Mobile and Cloud (2000s-future)
Security Techniques in the Mobile and Cloud Era
As more and more of users' personal information moves online and beyond their physical control, it becomes important to advance and provide technical controls over its access and use. Users' possession and use of powerful mobile devices introduces potential for strong protection capabilities along with risk of new vulnerabilities.
Cryptographic security protects information from wiretapping in transit, but endpoints can still be vulnerable. A TLS-secured connection isn't sufficient to protect a user's sensitive information if the server at the other end of that connection is impersonating the system the user wants to reach, or if a legitimate system has been hacked.
A mobile device can empower its user to authenticate to Web-based services using methods stronger than simple passwords. It can generate one-time passwords for display and entry by its user, or can perform key-based cryptographic operations to demonstrate a user's identity within a protocol.
Federated identity technologies
Federated identity and related protocols, such as SAML, OpenID, and the eXtensible Access Control Markup Language (XACML), can serve new and valuable roles now that mobile devices are powerful enough to operate as service providers in themselves and as users' data is dispersed across numerous cloud-based platforms.
Mobile app protections and permissions
Many mobile apps communicate data back to sites operated by the organizations that provide the apps. The apps can provide valuable services for their users, but may also serve their providers by collecting information. To maintain an individual's security and privacy, especially as mobile devices accumulate apps from multiple sources, it's important to constrain what data each app can access within a device.