Intelligent CISO Issue 06 | Page 21

security verification team, is crucial to operating at the speed today’s business environment demands
• Deployment automation and management tools: Even the most experienced security professionals find it difficult to keep up with the volume and pace of cloud deployments on their own. Automation can augment human advantages with machine advantages, creating a fundamental component of modern IT operations. Deployment automation and management tools such as Chef, Puppet or Ansible can be used in both public and private cloud environments
• Unified security solution with centralised management across all services and providers: Multiple cloud provider management tools make it too easy for something to slip through. A unified management solution with an open integration fabric reduces complexity by bringing multiple clouds together and streamlining workflows
Mind the gap
While visibility is crucial, the absence of adequately trained professionals can leave holes in many aspects of a modern-day security infrastructure, with one of the widest specifically involving cloud security.
The cloud is a nuanced area in technology and securely managing it requires specific knowledge. In fact, according to the same report I cited earlier, more than 25% of organisations using infrastructure as a service (IaaS) or software as a service (SaaS) have experienced data theft from their hosted infrastructure or applications.
Furthermore, 20% were infiltrated by advanced attackers targeting their public cloud infrastructures. All too often these attacks originate from user misconfigurations, a lack of updates or a selection of the wrong technology.

These breaches make one thing apparent – organisations are not only lacking cybersecurity talent, but sufficient cloud security talent, which ultimately puts them more at risk of an attack. Mind you, this talent gap is also delaying enterprise migration to cloud computing.
Security skills vs cloud security skills
However, it’s important to note that the list of skills required for successful cloud security isn’t precisely a carbon copy of what many expect from a cybersecurity professional. Plugging one gap will not always fill the other.
Of course, general security skills such as incident response, data analysis and threat hunting are still crucial when it comes to securing the cloud. But they’re not entirely sufficient. For instance, cloud security professionals and architects need to come to the table with a deep knowledge of identity access management (IAM), deployment automation and cloud regulatory compliance.
But just like cloud security is a shared responsibility between vendor and customer, so too is the cloud security skills shortage between the cybersecurity industry and future professionals. While we must hope that professionals pursue the right training, the cybersecurity industry must also do its part in educating both future candidates and current employees on the ins and outs of modern-day cloud security.
And this doesn’t just mean teaching the correct configurations for AWS either, but rather helping these professionals learn about the tenets of cloud adoption, including costs, monitoring, potential barriers and more.
In summary, when trade-off decisions have to be made, better visibility should be the number one priority, not greater control. It is better to be able to see everything in the cloud, than to attempt to control an incomplete portion of it. Once you have visibility, evaluate what security issues your cloud infrastructure has faced and map those issues back to the applicable skills needed to address them.
From there, securing IaaS and SaaS solutions shouldn’t seem so cloudy to your IT team.