Securing the cloud when skills are scarce
Securing the cloud when skills are scarce
The growing shift to the cloud for delivering better accessibility to company apps and resources presents new security challenges that require specific capabilities and skills. With the shift occurring quickly and often without strategy because employees are using a plethora of cloud applications without orgnisations knowing, companies are finding that they aren't equipped to adequately protect what has been shifted. They are also quickly discovering that the path to better cloud security inevitably means having to bridge an ever widening skills gap. But, it's not that easy.
"At the moment in South Africa, as with many countries across the globe, cloud security skills are scarce and competition for appropriately qualified professionals is fierce. They are also amongst the highest paid in the IT profession," says Richard Broeke, the General Manager at Securicom, a leading South African managed IT security company.
The skills gap in IT security has always been there; and while the threat landscape has continued to evolve and the complexity of IT security technologies has continued to increase, so the gap has continued to widen.
"Throw in the cloud, which requires specific skills, and you really have a problem. The vast majority of companies are just not equipped to handle all of it," says Broeke.
In 2015, Gartner predicted that by 2018, more than half of organisations will use security services firms that specialise in data protection, security risk management and security infrastructure management to enhance their security postures. This is being driven by the lack of appropriate skills to define and implement appropriate levels of control. Specific to the cloud, 30% survey respondents in the recent Cloud Security Spotlight Report by Crowd Research Partners indicated that they will commission a managed services provider to look after security.
"Traditional security tools often do not work for protecting against new threats in dynamic and agile cloud environments. Likewise, traditional IT security skills also fall short," says Broeke.
With cloud-specific security skills in short supply, as well as unaffordable to the average business, outsourcing to seasoned specialists makes business sense. Companies can tap into the necessary skills more cost effectively. It can also help to empower the adoption and effective use of cloud services.
"Because security of data in the cloud remains such a major concern for companies, the shortage of cloud security skills is also hindering their cloud deployments. What this means is that they aren't adopting or fully reaping the benefits of more diverse resources in the cloud which would enable better productivity and business continuity. Outsourcing cloud security therefore also has the potential to better support companies in extending more value-adding services in the cloud for their users," explains Broeke.
He cautions companies to do their homework before placing cloud security into a third-party's hands.
"The whole reason you are considering outsourcing in the first place is skills. So it is important to check-out their credentials and make sure they have the relevant skills and experience to do the job and do it effectively. Don't be afraid to ask questions and move on if you have any doubt," concludes Broeke.
Securicom has 15 years experience in developing cloud based IT security services and invests heavily in training and development of staff to ensure that it can offer qualified advice and services. Securicom was the first company in South Africa to introduce email content management and security as a fully-managed service, as well as the first true mobile-as-a-service security solution for mobile infrastructures on the African continent.