Cloud Hosting

If youre looking to strengthen your businesss IT security, the solution includes the human factorand its not just about new hires.

Digital transformation can make almost any enterprise better. It brings together collaborators from around the world, draws smarter insights with the help of machine learning, and empowers businesses to become more responsive and innovative.

This combination of ubiquitous connectivity and cloud computing is changing how people workand the kinds of business strategies an enterprise can pursue.

As much as conversations about digital transformation can focus on finding the right kinds of programmers or data scientists, its equally important to emphasize that digital transformation requires the right kind of security professionals.

But when technology improves, enterprises aren't the only ones to experience innovation increases. Hackers and other bad actors can be pretty innovative too. This is one reason its hard to go more than a few weeks without seeing some new data breach, malware risk, or cybercrime in the headlines.

Successful digital transformation boils down to leveraging technology to produce business outcomes, which is a simple idea. But deploying, connecting, protecting, and maintaining those technologies can be enormously complex, making it easy to accidentally expose security vulnerabilities or to react too slowly to a sudden advance in attackers capabilities.

As much as conversations about digital transformation can focus on finding the right kinds of programmers or the right kinds of data scientists, its equally important to emphasize that digital transformation requires the right kind of security professionals.

According to the 2019 The Cybersecurity Workforce Gap report, 82% of employers report a shortage of cybersecurity skills, with 314,000 additional cybersecurity professionals needed as of January 2019.

The need for security professionals is not new. In fact, security is one of the fastest growing job fields, and not just in IT. According to the 2019 (ISC) Cybersecurity Workforce Study, going forward, there will be 10,000 cybersecurity professionals for every 100,000 U.S.-based establishments.

And yet, for all of this need, this CSIS survey showed that 82% of employers report a shortage of cybersecurity skills, with 314,000 additional cybersecurity professionals needed as of January 2019, despite the 716,000 such professionals already in the field.

Think about that: Its as if every single person in Denver were already working in IT security, but because the job is so big, we need everyone in St. Louis to pitch in as well. That is a huge need and a huge shortage.

So whats causing this shortfall? A large part of it is that the professionals in these roles are bogged down by manual work. Between patching servers, maintaining security infrastructure, updating security configurations, and collecting and analyzing data, theres hardly any time left to design proactive cybersecurity.

As with so many issues in the modern workplace, improvements to this people problem lie in the cloud. Most notably, cloud providers maintain and secure the underlying infrastructure,relieving you of some of the more time-consuming manual tasks of infrastructure management.

The cloud provides security by default with systems that simplify IT resource configuration, deployment, and operation throughout the organization. This frees security professionals to concentrate on tasks that are a better use of their time and skills, like designing and modifying security policies, auditing access to critical systems, classifying business-critical content, and investigating anomalous activity through a business lens.

But the cloud offers more than just time. Many cloud providers offer tools and guidance to help users secure their apps and data by letting security teams determine which data is sensitive, who should have access to what, and how to translate the organizations security and regulatory policy to controls. And since the cloud is exposed to users as software and APIs, automation becomes much simpler, resulting in more consistency at scale with fewer opportunities for human errors.

But the cloud offers more than just time. Many cloud providers offer tools and guidance to help users secure their apps and data by letting security teams determine which data is sensitive and who should have access to what. Moreover, since the cloud is exposed to users as software and APIs, automation becomes much simpler, resulting in more consistency at scale with fewer opportunities for human errors.

In addition to the people problem, modern security workforces also find themselves facing a skills problem. Security threats are always evolving, as are the solutions and tools, which means that many established security professionals cant keep up with the skills they need to detect and address new types of attacks. The longer it takes to find solutions, the more productivity may suffer across the organization.

On a deeper level, knowledge of the latest skills is essential to strong DevSecOps. The basic concept of DevSecOps is to build apps with security in mind from the start, rather than the traditional tactic of designing security in toward the end of development or bolting it on after systems and apps are built. Executing this requires a deep knowledge of security skills and tools that grows throughout the development process.

The cloud helps overcome these issues by providing access to the latest technological advancements and giving professionals access to the latest tools without the constant need to acquire and retrain.

Security professionals can also use the cloud to drive DevSecOps by embracing the best practices embedded into cloud-based tools. For example, Google Cloud offers vulnerability scanning, deploy-time controls, and configuration managementtools that underpin Googles own best practices for develop-and-deploy processes. With tools like these, security experts can set up strong security practices from the start that persist throughout the projects life cycle.

Learn more: This Google Cloud Next 19 session explores how enterprises can deliver software faster, without compromising security or reliability.

IT security is only going to become more essential as businesses rely more on technology for innovation and competitive advantage, and the need for professionals who are equipped for the challenge is going to grow as well.

Fortunately, with cloud-based security tools and a healthy amount of security by default, not only can security professionals continue to do their jobs effectively even as the landscape changes, but the next generation of experts will likely already be trained on cloud-based tools. That leaves the major people and skills problems in the IT landscape to those who havent taken advantage of the cloud.

Discover how the highest performers scale DevOps to maximize success. Get the latest Accelerate State of DevOps Report.

See the original post here:
Building IT Security Requires Improving Teams - Forbes