How to Fill the Skills Gap Needed for Hybrid Cloud Deployment
Many organizations are already implementing hybrid clouds, combining both the direct accessibility and better latency of a private cloud with the scalability and cost effectiveness of a public cloud. However, security and privacy issues similar to those in public-cloud and on-premises environments remain, and the current cybersecurity skills gap poses a serious problem for enterprises.
The Scope of the Cloud Security Skills Gap
According to ESG, 46 percent of organizations say they have a shortage of cybersecurity skills in 2016, compared to 28 percent in 2015 — an 18 percent year-over-year increase. Specifically, 33 percent of organizations reported a shortage of cloud security specialists, and that shortage is growing as organizations create new positions, such as cloud security architects, to manage their new cloud environments.
Beyond Technical Skills
While high proficiency in security technology is imperative to orchestrate a hybrid cloud deployment, the mental makeup of cybersecurity professionals matters as well.
According to The Cipher Brief, Lee Black, vice president of cybersecurity consulting for Orbis Operations, said he thinks companies need to hire IT professionals who understand the malicious mindset of attackers because this empathy enables them to more effectively protect their companies against security threats. The source notes that this is a limited pool of candidates, but these workers can “help organizations better anticipate how bad actors will approach their networks and enable them to ready to deflect their attacks.”
This finite pool of people is unlikely to grow by any appreciable degree in the near future, and it will certainly not grow to the size necessary to feed the growing demand for such professionals. Adding to the problem, universities aren’t turning out enough cybersecurity talent with specialized skills suited to keep up with today’s demand for specialists such as cloud security professionals.
“This is the conundrum we face as an industry,” according to the ESG report. “Until we develop a strategic plan to greatly improve the supply side of cybersecurity skills, the demand side will become increasingly chaotic.”
While organizations eagerly seek highly skilled and experienced cloud security specialists to add to their ranks, others are opting to use managed service providers to fill the skill gaps.
Choosing a Managed Service Provider
While leveraging a managed service provider is a good way to fill a cybersecurity skills gap, not all providers are created equal. The following are specific considerations you should make before signing a service provider’s contract:
- Performance-Based Contract Stipulations: Most vendors offer service-level agreements that provide one day’s credit for a contract violation. However, this is unacceptable given the serious effects that typically result from an outage or breach. Instead, look for performance-based agreements that have guaranteed response times and countermeasures for security events.
- Money-Back Programs: Besides the aforementioned guarantee on actions to be taken, the managed service provider should also offer a cash-back payment of several thousand dollars in the event of a breach. This will help offset your losses and recuperation costs.
- Multiple Vendor Support: Beyond its own security products, a managed service provider should support other products as well. The reality is that enterprises today always use multiple product lines, and they all need to be secured.
- Considerable Staff Expertise: Warm bodies on payroll don’t amount to much in terms of actual cybersecurity. Take a close look at threat lists and reports (the output of security teams) and compare them to the output of other security teams. Are they finding and reporting new threats ahead of the pack? Are they reporting at regular intervals and as threats appear to keep their customers informed?
The goal here is to secure the right talent and capabilities to protect your assets. These considerations will help you find the right provider that can bridge the skills gap in your enterprise and ensure consistent, reliable cybersecurity when deploying a hybrid cloud.