The widely documented skills shortage in cybersecurity skills shortage has long been a source of frustration for enterprise IT and HR departments. The recruitment problems they face are set to become even more widespread as organisations increasingly migrate to the cloud—presenting a new set of challenges to deploying infrastructure and modern workplace environments.
Attacks are becoming more sophisticated, more disruptive, costlier and more frequent. This can only mean one thing for businesses: they’re more likely than ever to become the next hacking target.
"The public cloud can play a pivotal role in helping organisations mitigate the risks of a malicious attack, as it provides a fundamentally more secure IT environment than traditional on-premise systems. Yet, despite this, security remains a key concern to businesses migrating applications."
That said, the most pressing challenge to enterprise IT is sourcing the right workforce skills to address the very specific needs of security in the cloud.
What skills are needed?
Rapid growth and innovation
Long before widespread adoption of the cloud, the supply of cybersecurity skills had been struggling to keep up with demand. The web had been growing at an exponential rate, opening up traditional IT to the outside world and providing new entry points for hackers to penetrate enterprise infrastructure.
With the advent of the cloud, this problem has only been exacerbated; conventional criminals quickly recognised the scale of opportunity in cyberspace and began to switch their focus to hacking and crime in the virtual world.
New security tactics
As more organisations migrated their systems and major workloads to the cloud, the cybersecurity goalposts shifted. As a result, they now needed people who also fully understood the dynamic, distributed, and ephemeral nature of the cloud, where:
- You can spin up and close down resources at the click of the button
- Network addresses frequently change
- Systems are based on an application architecture of loosely coupled distributed microservices
- You share infrastructure with other public cloud users
This demanded a shift away from the traditional security approach, which was tied up in packet sniffing, physical network devices, and perimeter lockdown. Instead, cloud security would focus much more on protection of individual workloads and environment configuration.
Lack of training for specialised skills
Another problem has always been the lack of professional training and formal education aimed at preparing people for a career in cybersecurity. This means companies continue to rely heavily on the existing security talent pool today.
What makes recruitment all the more challenging is the fact that they need professionals with not only specialist knowledge of cloud security, but also a strong understanding of the many technologies that intersect with the cloud—such as DevOps, big data, and virtualisation. This can require years of experience, which you simply cannot get by recruiting computer science graduates straight out of university.
Whether you’re just creating your migration strategy, deploying, evolving or optimising, there’s a specialist who can help.
📲 Like what you read on the MYREDFORT Community? Follow us on LinkedIn to see the latest articles and insights as they go live.