A new report from McAfee highlights the skills gap when it comes to security in the cloud. The report reveals that one in four organizations using infrastructure as a service (IaaS) or software as a service (SaaS) have experienced cybersecurity threats that compromised some data. Moreover, one in five were infiltrated by advanced attackers targeting their public cloud infrastructures.
Why? Because the lack of cloud security talent at companies puts them at more risk for data breaches. Also, that talent gap is delaying enterprise migration to cloud computing.
The trouble is that even if you find people with deep general IT security skills, those IT security skills are not cloud security skills; for example, the ability to deal with identity access management (IAM) on Amazon Web Services. Traditional IT security skills are important, but not sufficient.
The fact is that enterprises have done a poor job in prepping the talent pool for the cloud. The skills gaps—not only in cloud secrity but cloud databases, cloud networking, and cloud monitoring—is becoming the real barrier to enterprise cloud adoption. As I always say, the technology is easy, the people issues are hard.
The obvious solution is to hire faster, hire better, and put an aggressive hiring and training plan, as well as budget, in place. But before you do that, I advise that you first do a skills gap analysis of your current skills inventory to see what skills the addition of cloud and other new enabling technologies requires but you don’t yet have.
Also, understand that having poor talent is worse than not having the talent at all. The breaches that I see are caused by people doing dumb things, not by the lack of technology. Things are misconfigured, updates are not applied, or the wrong technologies are chosen. Indeed, you can trace most breaches over the last five years to that root cause of poor talent.
Let’s not repeat that with cloud. Get smart, skilled people.