Reflecting on our Society: The Effects of

Technology on Society’s Security.

Lasya Muthyam

3/1/2022

Intern/Mentor G/T

Dr. Melissa Kiehl

Dr. Naghmeh Karimi

 Abstract

Technology has shaped modern society into one that is accustomed to efficiency and

constant progress through the storing and sharing of information. The increased spread and

overall dependence on high-tech resources have given society the opportunity to continue to

develop itself in ways that were previously deemed impossible. However, with this facility

comes a dark side. As the number of cyber-attacks continues to exponentially increase, so does

the importance of cybersecurity and the demand for groundbreaking developments in the field.

Past solutions like IoT Devices and Cryptology have proven to only be useful in specific

situations and do not fully satisfy the measures needed to protect classified information.

Although, while moving into the next couple of years, professionals are turning towards a new

development that can be easily adapted and adjusted to fit the needs of different professional

sectors: Zero-Trust Architecture. With the newfound idea of sharing and storing data without

disclosing the properties of the information, will the world see an effective solution to the

alarming cyber-attacks? The goal of the research is to analyze the past and current flaws in the

existing tech infrastructure and evaluate the properties of Zero-Trust Architecture which allow it

to be a sufficient solution to the current cybersecurity crisis. Through the Mixed Methods data

collection consisting of interviews and meta-analysis, the paper will break down and identify the

past and current flaws in the existing tech infrastructure and evaluate the effectiveness of

adapting Zero-Trust Principles. The research will then combine the collected data to show a shift

in society’s direction when addressing cybersecurity and address the new guidelines for sharing

information. As a result, the research will also educate/inform people about the importance of
staying informed on cybersecurity trends, especially when being highly dependent on

technology.
Introduction

In such a connected world, we have developed a system where convenience is a simple

click away on a screen. However, with this facility comes a dark side. In today’s society, it is not

unusual to hear daily reports about cyberattacks on private and public sectors. Over the past

decade, we have experienced a startling rise in cyber-attacks, which often expose personal

information, affecting the safety and lives of many to varying degrees. Although considering the

progress we have made, we can not abandon technology and now can only ask one question:

How do we protect ourselves from the dangers of a screen?

As our community grows and more people gain access to technology, our systems are not

capable enough to ensure the security of every user. Therefore, while many technological

innovations have helped us access and store information efficiently, many remain with hardware

and software flaws. Classified information can oftentimes be secured if the user educates

themselves on trends in cybersecurity and practices safe browsing when using technology. This

may not completely prevent cyberattacks but will protect users against common threats. Learning

about concepts like zero-trust architecture and firewall protections will help users identify

possible threats and will allow them to continue using technology without being vulnerable to

attacks.

In response to the growing cyberattacks, this research paper will explain the different

hardware and software-based attacks that many fall vulnerable to. Following an introduction of

different cyberattacks, the paper will analyze basic trends in cybersecurity after comparing

previous/current safety measures employed by individuals, IT professionals, enterprises, and

government agencies to potential future developments that will better manage this problem.

1
Background

Over the past couple of decades, there has been a massive boom in the tech industry as

humans have started to rely more and more on technological innovations to assist in strenuous

tasks. Starting from the invention of computers, this trend started to drastically change how

society functions as more and more people started to have access to technology in their daily

lives. This new phenomenon has since spread to other, and more professional, sectors like the

economy, the government, hospitals, schools, etc, making our entire society run on the assistance

of computers and other devices. The immediate effects of this new resource were very beneficial

to society, the main effect being improved efficiency with difficult procedures due to technology

safely storing large sets of data. As computers and other devices started to develop along with

time, clients and users started to receive greater control over the devices they deal with. As the

Internet and technology become a tool that holds great importance to our society, some

individuals started to try to find ways of gaining illegal access to devices and get ahold of the

information stored. Starting from 1834, there have been relatively few cyberattacks until 2010.

With technology being a relatively new and inaccessible resource for the general public, the

majority of cyberattacks took place between nations or governments that were in a war. Although

since 2010, there has been a startling increase in the number of cyberattacks. With a low number

of only 15 cyberattacks happening from 2000 to 2010, the number of cyberattacks skyrocketed to

almost 1,500,000 attacks in the decade. Moving onto 2021, there was a greater number of

cyberattacks than in the previous decade as there were more than 1,600,000 cyberattacks.

Recently, in a study published by the University of Maryland, a hack happens every 39 seconds,

showing the importance of addressing this growing problem in our society.

2
 The most important concept to understand with security is that technology has two

components: hardware and software. Hardware consists of the physical components of any

device(CPU, motherboard, circuits, chips, etc), while software contains code and algorithms that

are programmed into a device and tell it how to function (Du et al., 2019). Despite there being a

stereotypical view of cybersecurity mainly dealing with bugs and threats in code, hardware

security plays a large role in keeping devices safe against attacks. The research paper will

explore the different types of attacks and solutions that people can employ to keep both their

hardware and software safe from attacks.

Review of Literature

Software and hardware attacks are equally prevalent when discussing the topic of

cybersecurity. While targeting different sources and operations in a device, many users- both

large companies and common netizens- fall vulnerable to different attacks which range from

simple to high-scaled.

From the perspective of companies and enterprises that store large sets of data, it is

harder for cybercriminals to steal classified information through hardware as data is stored using

several large and protected devices. Practically, individual devices can not contain all of the

information, which prevents criminals from being able to use methods like phishing or planting

bugged chips/disks into a device to steal information efficiently. Hence, companies and large

enterprises are hacked through software breaches. While code-based hacks are common, a more

concerning and efficient method hackers have implemented over the past few decades is taking

advantage of the way the data is stored. In computer science, data is addressed, figuratively, as a

3
living entity that goes through various stages from the time it is created to the time it is deleted.

Formally known as the Data Life Management Cycle (DLM), data’s lifecycle allows information

to have different security needs, and carries a level of risk based on the properties the data

contains at a particular stage (Kumar, 2020). Of the six stages: create, store, use, release, archive,

and delete, data is at risk of being breached during every stage of its life except for deletion. This

is because in all of these stages, with the exception of the deletion stage, data is “in motion”, or

in other words, the data is either being replicated, shared, or edited (Ng, 2020). A common way

to visualize data in motion is to envision data literally moving in a passageway filled with other

pieces of information. In a busy passageway, it is hard for any individual or system to pay

tentative attention to any piece of data. This allows hackers to be able to easily manipulate bits of

data without being caught by any security features. As data is taken across various foreign

routes, it becomes even more vulnerable and can be completely stolen by hackers as there is less

protection against these attacks. Slowly, a hacker can be able to view all of the data a company

has stored, resulting in the infamous large-scale attacks we hear about in the news from time to

time.

Moving onto hacks that usually affect common users, it is easier for hackers to target

personal computers and devices through small-scaled hardware attacks like phishing. Phishing is

a cybercrime in which scammers try to lure sensitive information or data from individuals, by

disguising themselves as trustworthy sources. Commonly, online phishing is executed through

text, email, or even call where the scammers disguise themselves as a large agency like a bank or

a health care company. By disguising themselves and sending out “important information” about

possible changes in the agency, cybercriminals lure oblivious users to give out their personal

4
information like access to credit cards, bank accounts, or other accounts/passwords. It is also

common for many phishing scammers to reach out to a user and demand money. Such attacks,

while simple to spot due to their sketchy display, are commonly used to target younger or

inexperienced technology users. Often being carried out through social media platforms or other

common communication platforms, hackers are able to attack millions of people every year and

steal their information. “In 2015, social media was used in 8.3% of phishing attacks; now they

are used in 84.5% of attacks” (HCP, 2022). Like so, many inexperienced users lose their money

and have their personal information exposed to the eyes of hackers.

Even though phishing does not involve complex hardware knowledge to play out, many

fall vulnerable to such hacks due to mere ignorance of safety protocols while accessing any

device. Since the first-ever cyber attack in 1988, cyber-attacks have grown exponentially at an

alarming rate. Each decade, professionals have noticed that such attacks have not only increased

in frequency but also the intensity and the way they are executed. From the 1990s to 2000s, most

cyberattacks were smaller scaled and were targeted towards specific individuals. A common

cyberattack during these years would have been phishing calls or guessing passwords for illegal

access to information. Although since the 2010s, attacks have been executed on a grander scale.

Cyberattacks started to target large corporations that carry personal and classified information

and affect millions of people. Cybercriminals have also started to develop hardware and software

methods that can help them virtually attack and access classified information, oftentimes doing

so without being detected by the source of the information (Climer, 2018). Upon closer

observation on this problem, experts have seen a trend between growing attacks and the growth

in accessibility of technology and online information. As asserted by my interviewee Dr. Paramr,

5
“Many things have led to this arms race between people trying to protect this resource and

people trying to illicitly gain access to this resource. The idea of having additional feature sets,

allowing a certain level of convenience to the end-user, opens up a possibility that individuals

can now take advantage of a system in many different ways that wouldn’t have otherwise

manifested themselves.” For instance, a couple of decades ago, one would have a motor and a

dial-up set up in order to get access to the Internet, but now everything is much more readily

available as far as being able to connect to the Internet. By being able to do so by virtually just

having a router installed at home, one is given the convenience of all of the features that come

along with being on the Internet: banking, shopping, emails, applying for schools, etc. Although

the problem arises when the user does not properly set up the router. Accidentally turning off the

hardware firewall, or not setting up the router with the proper procedures inhibit common users

from safely enjoying the luxury of using the Internet without giving hackers access to personal

information. This raises the concern that while society waits for the development of more

advanced and secure tech infrastructure, netizens must educate themselves on different

cyber-attacks and stay vigilant of signs that can help prevent such vulnerabilities.

As mentioned before, cyber breaches range from small to large scale and can impact

many people. While many may be relatively noticeable, like online phishing and pop-up ads,

some attacks occur at a deeper level, requiring professionals to address the problem. Despite this,

there are precautions that both large enterprises and common users can implement to ensure

information security while using technology.

Since many attacks which target large companies and enterprises affect millions of people

at once, larger organizations tend to use more advanced methods that ensure the security of

6
several devices. This opens up the relevance of a growing field in computer science and

technology: cryptology. Over the years we have seen a huge increase in the adoption of

encrypted information when trading with different entities. Common examples are crypto coins,

cryptocurrency, and crypto information in which society attempts to protect its important

contents like monetary transactions and deposits by encrypting and hiding that information from

any public vendor. Cryptology consists of two simple concepts: encryption and decryption.

Encryption is the idea of using a key or code to translate and thus hide raw information from

external sources. Decryption is the exact opposite; experts, while using the key that was used to

hide the information, decipher the encrypted text to get the original plain text. When encrypted

using strong keys, companies can prevent many cyberattacks which attempt to hack and steal

information (Markel, 2021). Typically companies use long and complex mathematical formulas

as their key. This increases the complexity of the operation needed to be done in order to

successfully decipher the message as the numbers used in these mathematical encryption systems

are tens- if not hundreds- of digits long. This makes it impossible, to all intents and purposes, to

search through all potential keys in a reasonable amount of time. Additionally, the web and many

other modern communication systems employ a hybrid approach in which companies use both

complex number keys and symmetric keys (keys where the position of certain numbers may be

swapped instead of following common formulas) to increase the security and efficiency of the

encryption. Such methods allow large corporations to effectively hide and control their

information by giving them the privilege of being the only ones who know the key to hiding the

original information (Ward, 2013). When external sources attempt to read the information, they

will not be able to recognize the key and read the contents of the stolen information, unless they

7
are able to decipher the text. This, although, is highly complicated and oftentimes requires more

time for hackers to decipher, putting them in danger of being detected due to long periods of

suspicious activity.

In terms of hardware features that individuals can use to protect themselves from

potential attacks, tools like firewalls act as a monitor to keep data safe. A cybersecurity firewall

is a network security system that can either be hardware or software and protects the trusted

network from unauthorized access from external networks/threats. While firewalls can be used to

protect hardware and software, they tend to be used more frequently to protect hardware like

Internet routers. While there are many different types of firewalls, the basic operation done by

them is to act as a gatekeeper of incoming data by monitoring incoming and outgoing

information (Forcepoint, 2021). Every firewall operates based on security guidelines that are

configured into the network. Using filtering algorithms and processes, firewalls are able to

search through data to determine whether a source or data file is authorized or not. Thus,

firewalls are great reliable solutions when preventing external hardware hacks as they can easily

detect malware features when inserted or sent to a device. Designed to be complex and handle

large amounts of data, firewalls are common in households when settings up appliances like TV

or Internet routers, Norton antivirus systems, etc., One drawback to firewalls is that they can not

prevent internal threats, virus attacks, and authentic mechanisms used by hackers (like a

username password). Firewalls are used to monitor and control the transfer of information

between different networks or systems, but they can not monitor if an attack is happening from

within a system- something very common in cybercrime. Despite this flaw, firewalls are very

commonly used across the globe in various settings as they ensure security through much of

8
data’s lifecycle and in areas where detecting suspicious activity becomes blurry. As they are

publicly available, the general public can use them to keep their hardware secure from potential

external bugs and threats.

Like large companies and enterprises, the government employs similar protection tools to

secure their information from possible hacks and threats. Encryption has played a large role in

any government’s history of trying to keep information hidden from all unauthorized personnel.

Often used in war settings to communicate with allies or troops, many governments use

pre-developed software that can detect bugs and also try to encrypt and decrypt messages to put

the nation at an advantage during operations. Additionally, the government develops software

and hardware after being guided by IT professionals on the most effective and ensuring

technologies. Government agencies like Homeland Security hire contractors and full-time

employees that are knowledgeable in advanced coding and hacking skills to ensure the safety of

the agency’s secretive information. Many projects inside such agencies heavily depend on

analyzing large sets of data. To make sure that the data is not vulnerable to potential hacks, the

government stays informed on cybersecurity trends and frequently adapts and develops new

solutions to problems in the cyber world. For example, during the years 2012-2015, IT

professionals were running several studies and experiments to see if they could improve the

flaws in the tech infrastructure by simply modifying and improving upon the existing devices

that were used. In a Boston University study conducted by researcher Bu Lake, Bu and a small

team of his colleagues addressed a new proposal of including security features when designing

chips that will run IoTs. In simple terms, an IoT (Internet of Things) is any device that is

embedded with sensors, software, etc in order to connect and exchange data with other devices.

9
Common examples of IoT devices are laptops, PCs, routers, and mobile phones as they all have

some software and hardware elements that allow them to communicate with other devices and

transfer data. Since IoTs are critical destinations information commonly transitions through, this

study made groundbreaking conclusions when it was published as keeping IoTs secure from

possible threats not only protects a single device but a vast ocean of incoming and outgoing data.

In his study, to secure these devices, Bu experimented with preexisting security features like

firewalls and small data traveling monitors which helped professionals track the data’s contents

and its movements throughout its lifecycle. Using the results of his experiments, Bu ended up

designing an IoT chip that contained all of the previously mentioned security features, which was

repeatedly tested to prove that such edits were able to improve the existing flaws in the device.

Branching off of similar experiments and studies, the U.S. Department of Homeland Security

adopted similar solutions and released guidelines that encouraged tech manufacturers to start

placing security features in the chips of devices to prevent the problem from its root (Dorsch,

2018). Hackers often can get complete information by figuring out the chip’s properties.

Although, if the chip is secured then it will be harder for hackers to gain complete access to any

device. After such statements, many government and private agencies started to design IoT chips

with pre-installed security and antivirus features to prevent possible attacks.

As technology advances, so do the methods cybercriminals use to hack into secure sites

to steal information. In order to keep up with their advancements, professionals constantly are

developing new methods and solutions to keep our networks and information secure.

Developments like firewalls, IoT, and encryption have helped secure information in the past, but

looking into future years, professionals have another solution in mind: zero-trust architecture.

10
Zero-trust architecture (ZTA) is a new evolving trend in cybersecurity architecture that is based

on zero-trust principles. The plan states that every system should authenticate and authorize a

user’s request, regardless of where you are in a system. Essentially, you do not trust anyone or

anything, you validate every single request sent through from a proper and verified source. “Zero

trust assumes there is no implicit trust granted to assets or user accounts based solely on their

physical or network location (i.e., local area networks versus the internet) or based on asset

ownership (enterprise or personally owned)” (Borchert et al., 2021). The idea of maintaining data

security and privacy from external sources by carrying a sense of zero-trust branched from a

mathematical concept called Zero-Knowledge Proofs (ZKP). ZKP, being very similar in idea and

execution to ZTA, allows an entity to keep its information and its details secure, while still

allowing clients to believe that the enterprise has the correct valuable information. For example,

let's say a teacher wanted to convince one of his/her students that in a picture filled with

penguins there was a puffin. The students, without seeing the picture fully, might not want to

trust him. Although, if the teacher wanted to prove to his students that there was in fact a puffin,

but did not want to reveal the exact location of the puffin, he/she might cover the entire picture

and only reveal the part where the puffin is. Here, the teacher is able to prove that the puffin is in

fact in the picture (the valuable information). Although to prove this to others, the teacher did not

give out the specific location of the puffin and besides the fact that a puffin is in the picture, the

students (the clients) do not know anything about the picture (Wired, 2022). Similarly, in ZTA,

any enterprise, organization, or individual can keep their information as secure and private as

possible as they use methods that reveal as little information as possible to others while still

allowing for the transfer of data and information. This architectural plan, therefore, provides the

11
creators with the opportunity to close off all information about data properties and only reveal

that the data or information exists. Like so, hackers or cybercriminals are limited in the

information about the data to be able to trace it and hack a network to retrieve that information.

After its first release to the tech world, the architecture plan has started to be

implemented in various global sectors, especially as remote working becomes more popular.

From business corporations to government agencies, along with private creators, the world is

shifting towards a ZTA-based infrastructure to secure classified information. In January 2021, a

survey was conducted where respondents from various job titles and company sizes were asked

to report on their organization’s or a personal plan of adopting ZTA. Out of 3,570 global

responses, the survey yielded results that stated that 72% of respondents have plans of adopting

zero trust in the future or have already adopted it (Statista, 2021). In a corporation or commercial

company setting, IT professionals have successfully released detailed plans that persuade

security architects to implement such technical infrastructure to keep data secure. If

implemented, large corporations can make business transitions more secure for themselves as the

market is investing in products that limit the growing frequency of target-based cyber attacks.

Companies are also making sure to use ZTA in all cloud-based operations so that they do not

necessarily have to change the way they construct their data but still can keep their classified

information secure from external threats. Similarly, the government has been making moves to

implement ZTA in its future tech infrastructure plan. The United States is heavily pushing to

implement such a plan and has released “The FY2022 Federal Cybersecurity R&D Strategic Plan

Implementation Roadmap”. Through this plan, the federal government released a mandate that

requires all of its agencies to meet specific cyber security standards and objectives outlined by

12
ZTA by the end of the fiscal year 2024. The goal of this initiative is to reinforce the

government’s defenses against increasingly sophisticated and persistent threat campaigns which

have been affecting the American public’s safety and privacy which has the negative side effect

of weakening trust in the government. As the government and several corporations follow these

plan roadmaps and adopt ZTA, we can expect to see safer transactions of data and fewer

high-intensity attacks.

Technology’s value in our society will continue to grow as we progress into the future.

This makes it even more important to prevent cyberattacks and keep personal information secure

while using technology. In practice, cybersecurity is a complex subject whose understanding

requires knowledge and expertise of technology, but many users can protect themselves against

malicious threats by educating themselves on the basics of how to use technology safely.

Concepts like firewalls, data encryption, and data life management will help many people learn

about the recommended procedures to stay safe from the dangers of a screen. While the

cybersecurity problem will never be solved once and for all, solutions to the problem, limited in

scope and longevity though they may be, are advanced enough to prevent many common attacks.

Therefore, it is important for regular users to stay informed on trends and developments in the

field.

Methods and Data Collection

The following research paper answers the question of to what extent should society rely

on technology to store classified information? Is there a limit or do the pros outweigh the cons?

The research focuses on how people can protect themselves from cyber attacks that threaten

13
society’s progress with technology by observing past, present, and future cybersecurity trends.

The research hypothesis, which is supported by the research conducted, answers the question by

stating that while many technological innovations have helped us access and store information

efficiently, many remain with hardware and software flaws. Although, through understanding

cybersecurity trends and additional security features we can protect data from the dangers of a

screen. The research question and research hypothesis were addressed in this study through the

data collection methods of interviews and meta-analysis. While researching, the interviews were

conducted first to be used as a basis for the rest of the data collection. Through the online calling

platform, Zoom, a total of three separate interviews were conducted with three IT professionals

who have different levels of experience in different fields of technology. Through each interview,

information regarding the weakness of our past and current tech infrastructure and possible

future cybersecurity trends were collected from reliable professionals who have garnered both

academic and practical experience on the topic. The first interviewee was Dr. Parmar, a federal

contractor who works for Homeland Security. Through the interview with Dr. Parmar, questions

regarding software technology and solutions like cryptology and problems like software lag-time

were discussed as he is a senior programmer for many federal projects and also deals with the

software side of the security development at his work. The interview also gathered information

on the challenges and concerns a programmer would deal with at a highly-secured government

agency (specifically regarding software/code-related issues). Government agencies, which store

billions of classified data sets, need extra protection as they store sensitive information, and thus

the interview shredded light on what procedures professionals take to protect such content-dense

data and respond to cyberattacks. The second interview was with Dr. Karimi, a private hardware

14
security researcher who also is a professor at the University of Maryland Baltimore County.

During the interview with Dr. Karimi, the questions were focused on how professionals who

work with the hardware side of technology (ie computer chips, circuits, etc.) secure technology

and physical systems. As she deals with hardware security, many questions were based on topics

like circuit and chip development and memory storage to shed light on the differences and

similarities between hardware security features and software security features. Additionally, this

interview allowed for insight into some of the difficulties private researchers in technology face

when dealing with data security. Lastly, the third interview was with Mr. Sonpar, a security

architect at a corporate company. During the final interview, the questions were geared to fill in

some of the gaps that were left through Dr. Parmar’s interview and Dr. Karimi’s interview

(regarding past and current software/hardware flaws) as a security architect has strong

knowledge of both hardware and software properties when it comes to security. The interview

consisted of questions that were more specifically centered to collect data on how commercial

and corporate businesses store their data and what types of threats they are more likely to fall

vulnerable to. Thus, through the three interviews, sufficient data was collected to cover a wide

spectrum of vulnerabilities that professionals from different professional sectors face and how

they might address potential attacks.

As the research method used in this study was that of Mixed Methods, the interviews

were designed to help gather basic information about the different problems and perspectives in

cybersecurity which would then be furthered by a meta-analysis of several released articles and

documents. In the meta-analysis portion of the data collection, the research went into depth

regarding a particular trend that was observed in all interviews as the future of cybersecurity:

15
Zero-Trust Architecture. The meta-analysis portion consists of three sources: 2 2021 released

documents on future tech infrastructure plans, and 1 survey result. Similar to the interviews, each

source that was evaluated addressed the needs and future plans of professional sectors of

different technical backgrounds. The meta-analysis portion of the data collection, therefore,

consisted of a source that examined the needs and plans of government agencies, corporate

companies, and private researchers and analyzed the ways these different sectors could modify

and customize the architectural schema to satisfy their needs with data.

The first source that was evaluated was titled, “FY2022 Federal Cybersecurity R&D

Strategic Plan Implementation Roadmap” and was the document that addressed the needs and

plans of the U.S. government agencies. The document discusses the Federal Government’s plan

to adapt zero-trust practices to strengthen their tech infrastructure and protect data when moving

on to 2022 and future years. Additionally, the document discusses plans to allow other

government agencies to adopt ZTA (zero-trust architecture) to facilitate the trade of data without

security issues. As the document is written by the government, it includes a detailed outline of

how government organizations and agencies plan to use the new security architecture to protect

their data and how it can be modified in ways to secure large sets of information.

The second source, “NIST Zero Trust Architecture”, is another document that provides

information on how corporate companies like T. Rowe Price, Amazon, Facebook, etc are

planning to implement Zero-Trust Architecture into their tech infrastructure while looking into

2022 and future years. Like the document released by the Federal Government, this document

consisted of a detailed outline of how companies with different needs and data storage plans can

easily adapt zero-trust architecture into their current systems to better secure their data. As

16
zero-trust principles are based on mutual trust between different entities, the document also

outlines how various companies can use this new infrastructure to facilitate the sharing of

valuable data.

The final source that was used to collect data for the meta-analysis section of data

collection is a survey report. The survey was globally conducted in January 2022 and surveyed

3,570 respondents (all of whom are tech professionals from various work settings) about whether

their work setting was planning to adopt zero-trust procedures. The survey report included a pie

chart titled, “Is adopting a zero trust model a priority for your organization?”, summarizing the

results of the global survey. The pie chart reveals that 42% of all respondents claimed that their

work environment has started to implement zero-trust architecture practice, but is in the early

stages, 30% of respondents claimed that their work environment has already transitioned to fully

using zero-trust architecture practices, and the remaining 18% of respondent claimed that their

work environment had no plans on implementing zero-trust architecture into their current tech

infrastructure to secure data.

Since my data analysis is mapped in a way where the sources from my meta-analysis

delve into further detail about the information I gathered through my interviews, there are no

outliers or discrepancies in my data collection. All of the data I have collected creates a final

picture that supports my hypothesis and furthers my research question. From my interviews

where I focussed mainly on current problems, solutions, and potential future solutions, I was able

to gain a good foundation of how professionals viewed the alarming rise in cyberattacks. After

noticing how all my interviewees had a similar idea in mind for the future of cybersecurity, I

dedicated my meta-analysis portion to researching the details of Zero-Trust architecture. I also

17
was able to gather information on how different work environments like government agencies,

private corporations, etc plan to implement this new plan to fit their needs and protect their

information from possible threats.

Results and Data Analysis

The primary research question this study attempted to answer was, “What should society

and its individuals do to protect its classified information from the growing number of

cyber-attacks? How do the solutions vary across different professional sectors?” Similarly, the

research hypothesis followed the main points of this research question, with the exception that it

was much more detailed and thorough in the central arguments being made, and the specific

points to be addressed. The hypothesis, thus, was, “As the number of cyberattacks alarmingly

grows, society and its individuals must educate themselves on cybersecurity trends and be

cautious when using technology to protect their assets and classified information from hackers.

As technology is a forever developing field, it is important that regular users learn about the

security features of different devices to make sure they are secure from possible threats and are

protected against the vulnerabilities of different technical environments. While looking into

important future trends, various professional sectors are planning to adopt a new infrastructure

plan called Zero-Trust Architecture that will allow a client to share classified information with a

user without actually disclosing the details of the information they have, thus allowing for a

secure transfer of data. By being informed on such a new security feature and adopting it, users

can protect themselves and their data without allowing criminals to gain more power.” The

research question and hypothesis were answered through the data collected from the interviews

18
of three IT professionals, and the meta-analysis conducted from various released documents and

surveys on the applications of the research topic in real life. Specifically, the interviews were

able to answer the reflective part of the research question by describing past and current

vulnerabilities in the tech infrastructure. By also shedding light on the possible future solutions,

the interviews were also able to set a strong basis on what topics users should start paying

attention to in order to stay informed about cybersecurity. The meta-analysis section of the data

collection focussed on expanding on the topics examined in the interviews and focused on the

second part of the research question which questions the difference in needs when comparing

different work environments (corporate, government, private, etc).

To analyze all of the data that was collected, two comparison charts were created. One of

the charts was used to compare the three interviews where its purpose lay to list the past and

current tech infrastructure limitations, analyze future solutions, and finally differentiate how the

future solutions will be implemented in the different work settings that were investigated in each

interview.

In the first interview, data regarding how government organizations address security

concerns and future plans were collected. Firstly, the interview addressed how one of its main

vulnerabilities is a detected lag time between when a breach occurs and when a breach is

detected. There have been several reports which exposed how current systems are unable to

detect security breaches until long after the hack occurred. As Dr. Paramr stated in the first

interview, “This not only led to a loss of stored certain information but was a threat to the entire

organization which could be at risk of losing more information than what was planned to be

stolen.” In an attempt to fix this problem, many government organizations relied on cryptology

19
and complex ciphers to encode their data so that if hackers breach into their systems, they would

not be able to understand the information they have uncovered. Although with time, these

solutions have also been cracked and the information was stolen.

Additionally, the second chart was used to compare the three sources in the meta-analysis

portion of the data collection. Like the previous chart, the second chart made sure to compare

three different reliable sources that examined different work settings. The chart was broken into

two sections: how do the different professional settings plan to implement the zero-trust

architecture and what protection does the plan provide for each setting. Due to its structure, the

second chart was used to expand upon the contents described in the first chart.

Discussion and Conclusion

Based on the information presented in the review of literature, and the data gathered and

analyzed in the data analysis, the research hypothesis has been supported. The first point

mentioned in the hypothesis highlights the importance for common users to inform themselves

on cybersecurity trends to protect themselves from being vulnerable to possible hacks as there

are many flaws in the current tech security infrastructure. While this point of the hypothesis is

answered by all of the data collected, it is particularly answered by the interviews that were first

conducted to gather basic data on the past and current cybersecurity situation. Through the three

interviews, information regarding the various causes, flaws, and limitations of different types of

technology was collected and analyzed. The interviews also shed light on the differences

between the ways different professional settings use and store information, thus providing a

complete analysis of the past and current problems and furthering the data by listing what

20
problems must be addressed in the future. As the second part of the hypothesis focuses on the

needed solutions to address the current problems in cybersecurity, the meta-analysis portion of

the data collection focuses on researching Zero-Trust Architecture and what the solution has to

offer to the future of cybersecurity. Through the various sources that were analyzed, the research

was able to display how Zero-Trust Architecture not only grants its users from keeping their own

classified information protected but also proves that the solution is easily adaptable and

modifiable to suit the needs of different organizations that interact with data differently, thus

becoming a highly-influential trend.

The limitations of the research lie only in that the data collection was not collected in

favor of the timeline of the recent developments. In other words, Zero-Trust Architecture is a

future trend that has only started to be implemented globally at the beginning of 2022, and thus

the majority of the sources are from the early stages of the plan development. Therefore, the data

that has been collected through the meta-analysis regarding the solution may not include some

complications of Zero-Trust Architecture as flaws are often uncovered through the passage of

time and experience with the technology. Although, this limitation does not greatly affect the

conclusions and results of the research as Zero-Trust Architecture is not the single solution to the

security crisis that society faces. Like every solution that has been created, ZTA will eventually

become outdated and professionals will introduce another potential solution to address the

problem. Looking into the future, it is crucial that researchers continue to not only consider past

and current trends in cybersecurity but also collect information on possible future trends as they

will have a great influence on the way the world fights hacks.

21
 In conclusion, with the overall increase in dependence on technology to store classified

information and the increased demand to share that information to develop new features for

society, cybersecurity becomes a more prevalent topic for common users to study and familiarize

themselves with. While there are many solutions that have been developed and implemented,

many have flaws or exposed loopholes which do not sufficiently protect data. The most latest

trend in cybersecurity deals with a new tech infrastructure plan called Zero-Trust Architecture

where entities form mutual trust bonds to share data without revealing any information about the

data they possess, thus protecting their system’s contents from being exposed and vulnerable to

attacks. As Zero-Trust Architecture is shown to be easily adaptable and modifiable to suit the

needs of different work settings, it has gained great attention from various entities and is shaping

the future of data security. Although while looking in the long term, users must continue to

observe cybersecurity trends as developments will be made every day to better secure our

systems. While securing technology properly can be complicated, cybersecurity is a field that

many must continue to pay close attention to as possible future trends that will shape the way we

interact with technology in general.

22
 References

Borchert O., Connelly S., Mitchell S., Rose S., (2021) Zero trust architecture. Nist. Retrieved

from https://www.nist.gov/publications/zero-trust-architecture

Bu L., (2019) Design of secure and trustworthy system-on-chip architectures using

hardware-based root-of-trust techniques. Boston University. Retrieved from

https://open.bu.edu/handle/2144/36148

Climer S., (2018) History of cyber attacks from the morris worm to exact. Midsight. Retrieved

from https://www.bbc.com/news/technology-24667834

Dorsch J., (2018) Making secure chips for iot devices. Semiconductor Engineering. Retrieved

from https://semiengineering.com/making-chips-for-iot-devices-secure/

Forcepoint, (2021) What is a firewall? Forcepoint. Retrieved from

https://www.forcepoint.com/cyber-edu/firewall

HCP, (2022) What is phishing and how common is it? HCP Healthcare compliance pros.

Retrieved from

https://www.healthcarecompliancepros.com/blog/what-is-phishing-and-how-common-is-i

Kim P., (2021) What is phishing? How to recognize and avoid phishing scams. NortonLifeLock.

Retrieved from

https://us.norton.com/internetsecurity-online-scams-what-is-phishing.html

Kumar S., (2020) What is data lifecycle management?. Stealthbits. Retrieved from

https://stealthbits.com/blog/what-is-data-lifecycle-management/

23
Markel S., (2021) How is cryptography used in everyday life?. TechMoon. Retrieved from

https://technologymoon.com/how-is-cryptography-used-in-everyday-life/

Midsight, (2021) It priorities for 2022: A cio report. Midsight. Retrieved from

https://gomindsight.com/insights/blog/it-priorities-for-2022-a-cio-report/

National science and technology council, (2022). The fy2022 federal cybersecurity r&d Strategic

plan implementation roadmap. U.S Federal Government. Retrieved from.

https://www.nitrd.gov/pubs/FY2022-Cybersecurity-RD-Roadmap.pdf

Ng C., (2020) A guide on the data lifecycle: Identifying where your data is vulnerable. Varonis.

Retrieved from

https://www.varonis.com/blog/a-guide-on-the-data-lifecycle-identifying-where-your-data

-is-vulnerable/

Ward M., (2013) How the modern world depends on encryption. BBCNews. Retrieved from

https://www.bbc.com/news/technology-24667834

Ward M., (2013) How the modern world depends on encryption. BBCNews. Retrieved from

https://www.bbc.com/news/technology-24667834

Sava JM., (2022) Is adopting a zero trust model a priority for your organization?. Statista.

Retrieved from https://www.statista.com/statistics/1228254/zero-trust-it-model-adoption/

Appendix A

24
(delete if not using appendices; each item gets its own title and letter - Appendix A,

Appendix B, etc.)

25
Format (5/5 points)
● Student followed formatting guidelines including cover sheet, headings, page numbers,
spacing, etc.

Introduction (10/10 points)

● Student hooked the audience, provided background, proposed a strong thesis, and provided
purpose statements that forecast the parts of the paper.

Body (60/60 points)

● Student presented each main idea in order. There was a logical flow of information supported
by evidence.
● Sources were utilized in multiple ways to support the argument. Each claim was
approximately 2-3 pages in length.

Conclusion (5/5 points)

● Student restated and justified their argument and provided a closing thought.

Sources (9/10 points)

● Students used citations appropriately throughout the paper (at least two per page in correct
format) and included a minimum of 10 sources in the bibliography, in correct APA/MLA
format. Quotes, short and long, are presented correctly. TURNITIN.com does not indicate
concerns for plagiarism.
Fix your in-text citations throughout.

Writing Style (10/10 points)

● Student's writing is free of errors and follows conventions of high-level academic writing
including, but not limited to: correct punctuation and mechanics; avoiding awkward or wordy
writing; maintaining 3rd person POV; avoiding contractions; avoiding run-on sentences and
fragments; present tense; correct noun/verb agreement; proper formal tone.

99/100
Excellent work!

26