TRENDING
professional. Plugging one gap will not
always fill the other.
Of course, general security skills such
as incident response, data analysis and
threat hunting are still crucial when it
comes to securing the cloud. But they’re
not entirely sufficient. For instance, cloud
security professionals and architects
need to come to the table with a deep
knowledge of identity access management
(IAM), deployment automation and cloud
regulatory compliance.
But just like cloud security is a shared
responsibility between vendor and customer,
so too is the cloud security skills shortage
between the cybersecurity industry and
future professionals. While we must hope
that professionals pursue the right training,
“
CLOUD SECURITY
IS A SHARED
RESPONSIBILITY
BETWEEN
VENDOR AND
CUSTOMER.
the cybersecurity industry must also do its
part in educating both future candidates and
current employees on the ins and outs of
modern-day cloud security.
And this doesn’t just mean teaching the
correct configurations for AWS either,
but rather helping these professionals
learn about the tenets of cloud adoption,
including costs, monitoring, potential barriers
and more.
In summary, when trade-off decisions have
to be made, better visibility should be the
number one priority, not greater control.
It is better to be able to see everything in
the cloud, than to attempt to control an
incomplete portion of it. Once you have
visibility, evaluate what security issues your
cloud infrastructure has faced and map
those issues back to the applicable skills
needed to address them.
From there, securing IaaS and SaaS solutions
shouldn’t seem so cloudy to your IT team. n
“
THE ABSENCE
OF ADEQUATELY
TRAINED
PROFESSIONALS
CAN LEAVE HOLES.
28
INTELLIGENTCIO
www.intelligentcio.com