The use of the cloud is almost mainstream for companies these days. Few innovations have changed the enterprise technology landscape as much as the cloud. Today nearly every next-generation solution that offers digital business opportunities is based on a cloud platform.
Organizations increasingly rely on the cloud as part of their growth strategies and associated business requirements – but security is often neglected. There is no denying that the cloud is a boon for the digital age. The technology offers almost unlimited scalability, reliability, disaster recovery, redundancy, and integrated security with native cloud services – and this is also extremely cost-effective. In addition, decision-makers in companies are particularly impressed by the flexibility since the cloud can be easily adapted to the business and further developed at any time.
However, incidents such as the Capital One breach show the vulnerable downside of the technology: In 2019, data belonging to 106 million customers hosted in an AWS cloud was stolen – and a wave of lawsuits was the result. Such situations highlight the challenges and difficulties in securing and protecting data, interoperability, and compliance with regulations and constraints that CISOs must address.
The list of challenges for CISOs doesn’t end there. Other obstacles include:
- Lack of multi-cloud visibility and control from a single dashboard for security and privacy issues and compliance violations,
- Challenges in integrating native public cloud services, and
- Problems in adopting multi-cloud services with a single-cloud architecture across cloud platforms, authentication frameworks, security monitoring, event correlation, etc.
Mind the (Skills) Gap
There is a common thread running through all of these challenges – a lack of matching skills. The market for qualified cybersecurity professionals is highly competitive, and demand significantly exceeds the low supply. This is even more true for cybersecurity professionals whose expertise lies in the changing security landscape that comes with cloud technologies.
This gap demands a high price from companies. The cloud security experts already available are struggling with an increased workload due to the shortage of skilled workers. This, in turn, increases the likelihood of human error, a mismatch between tasks and skills, or even burnout. CISOs often need to recruit and train young people instead of hiring experienced cybersecurity professionals to fill the talent gap.
Too heavy a workload also means employees don’t have enough time to fully learn or use the security technologies available to them and thus realize their full potential. From a strategic point of view, cybersecurity is, therefore, only partially aligned with the requirements and processes of the company. This isolation of cybersecurity results in siloed security protocols, for both the cloud and physical networks.
Attract Skilled Workers
Organizations should face the battle for talent with a multi-pronged strategy that works in the short, medium, and long term. Cybersecurity – especially in the context of relatively new technologies like the cloud – focuses on specialized niche talent with a DevOps background. This talent can be found at cloud specialists and managed service providers. By cooperating with such providers, organizations gain access to sought-after specialist knowledge, which also benefits their employees. In cooperation with the external specialists, they learn the relevant skills with sufficient time and under supervision, without endangering the security situation or affecting productivity. A continuously iterated DevSecOps approach ensures that bugs are identified and fixed as they arise throughout the process. Security is therefore guaranteed throughout the entire process and not just at the endpoints.
In the medium term, however, there is no substitute for training internal talent in the appropriate skills. This approach also has numerous advantages: Existing employees receive institutional knowledge from external specialists and pass it on to other colleagues – compared to hiring a new expert, this approach saves time and money. It also avoids the productivity lost in training a new employee on internal systems and processes.
The key to the strategy is to motivate employees to step out of their comfort zones and to develop a culture of continuous learning within the workforce that conveys the benefits of upskilling to employees and helps them work on their strengths. This allows them to rethink their role and growth, and to learn and deepen new skills.
In the long term, the industry needs to work with educational institutions to keep their cybersecurity training current with ever-changing threat perceptions. The unemployment rate in cybersecurity has been zero percent for the past eight years.