Intelligent CIO Middle East Issue 34 - Page 28

TRENDING professional. Plugging one gap will not always fill the other. Of course, general security skills such as incident response, data analysis and threat hunting are still crucial when it comes to securing the cloud. But they’re not entirely sufficient. For instance, cloud security professionals and architects need to come to the table with a deep knowledge of identity access management (IAM), deployment automation and cloud regulatory compliance. But just like cloud security is a shared responsibility between vendor and customer, so too is the cloud security skills shortage between the cybersecurity industry and future professionals. While we must hope that professionals pursue the right training, “ CLOUD SECURITY IS A SHARED RESPONSIBILITY BETWEEN VENDOR AND CUSTOMER. the cybersecurity industry must also do its part in educating both future candidates and current employees on the ins and outs of modern-day cloud security. And this doesn’t just mean teaching the correct configurations for AWS either, but rather helping these professionals learn about the tenets of cloud adoption, including costs, monitoring, potential barriers and more. In summary, when trade-off decisions have to be made, better visibility should be the number one priority, not greater control. It is better to be able to see everything in the cloud, than to attempt to control an incomplete portion of it. Once you have visibility, evaluate what security issues your cloud infrastructure has faced and map those issues back to the applicable skills needed to address them. From there, securing IaaS and SaaS solutions shouldn’t seem so cloudy to your IT team. n “ THE ABSENCE OF ADEQUATELY TRAINED PROFESSIONALS CAN LEAVE HOLES. 28 INTELLIGENTCIO