Advertisements

Google Cloud BrandVoice: Building IT Security Requires Improving Teams

But when technology improves, enterprises aren’t the only ones to experience innovation increases. Hackers and other bad actors can be pretty innovative too. This is one reason it’s hard to go more than a few weeks without seeing some new data breach, malware risk, or cybercrime in the headlines.

Successful digital transformation boils down to leveraging technology to produce business outcomes, which is a simple idea. But deploying, connecting, protecting, and maintaining those technologies can be enormously complex, making it easy to accidentally expose security vulnerabilities or to react too slowly to a sudden advance in attackers’ capabilities.

As much as conversations about digital transformation can focus on finding the right kinds of programmers or the right kinds of data scientists, it’s equally important to emphasize that digital transformation requires the right kind of security professionals.

The right people can be hard to find

The need for security professionals is not new. In fact, security is one of the fastest growing job fields, and not just in IT. According to the 2019 (ISC)² Cybersecurity Workforce Study, going forward, there will be 10,000 cybersecurity professionals for every 100,000 U.S.-based establishments.

And yet, for all of this need, this CSIS survey showed that 82% of employers report a shortage of cybersecurity skills, with 314,000 additional cybersecurity professionals needed as of January 2019, despite the 716,000 such professionals already in the field.

Think about that: It’s as if every single person in Denver were already working in IT security, but because the job is so big, we need everyone in St. Louis to pitch in as well. That is a huge need and a huge shortage.

So what’s causing this shortfall? A large part of it is that the professionals in these roles are bogged down by manual work. Between patching servers, maintaining security infrastructure, updating security configurations, and collecting and analyzing data, there’s hardly any time left to design proactive cybersecurity.

Free your cybersecurity professionals with the cloud

As with so many issues in the modern workplace, improvements to this “people problem” lie in the cloud. Most notably, cloud providers maintain and secure the underlying infrastructure, relieving you of some of the more time-consuming manual tasks of infrastructure management.

The cloud provides security by default with systems that simplify IT resource configuration, deployment, and operation throughout the organization. This frees security professionals to concentrate on tasks that are a better use of their time and skills, like designing and modifying security policies, auditing access to critical systems, classifying business-critical content, and investigating anomalous activity through a business lens.

But the cloud offers more than just time. Many cloud providers offer tools and guidance to help users secure their apps and data by letting security teams determine which data is sensitive, who should have access to what, and how to translate the organization’s security and regulatory policy to controls. And since the cloud is exposed to users as software and APIs, automation becomes much simpler, resulting in more consistency at scale with fewer opportunities for human errors.

But the cloud offers more than just time. Many cloud providers offer tools and guidance to help users secure their apps and data by letting security teams determine which data is sensitive and who should have access to what. Moreover, since the cloud is exposed to users as software and APIs, automation becomes much simpler, resulting in more consistency at scale with fewer opportunities for human errors.

Overcoming the skills gap

In addition to the “people problem,” modern security workforces also find themselves facing a “skills problem.” Security threats are always evolving, as are the solutions and tools, which means that many established security professionals can’t keep up with the skills they need to detect and address new types of attacks. The longer it takes to find solutions, the more productivity may suffer across the organization.

On a deeper level, knowledge of the latest skills is essential to strong DevSecOps. The basic concept of DevSecOps is to build apps with security in mind from the start, rather than the traditional tactic of designing security in toward the end of development or bolting it on after systems and apps are built. Executing this requires a deep knowledge of security skills and tools that grows throughout the development process.

The cloud helps overcome these issues by providing access to the latest technological advancements and giving professionals access to the latest tools without the constant need to acquire and retrain.

Security professionals can also use the cloud to drive DevSecOps by embracing the best practices embedded into cloud-based tools. For example, Google Cloud offers vulnerability scanning, deploy-time controls, and configuration management—tools that underpin Google’s own best practices for develop-and-deploy processes. With tools like these, security experts can set up strong security practices from the start that persist throughout the project’s life cycle.

Building better security professionals

IT security is only going to become more essential as businesses rely more on technology for innovation and competitive advantage, and the need for professionals who are equipped for the challenge is going to grow as well.

Fortunately, with cloud-based security tools and a healthy amount of security by default, not only can security professionals continue to do their jobs effectively even as the landscape changes, but the next generation of experts will likely already be trained on cloud-based tools. That leaves the major people and skills problems in the IT landscape to those who haven’t taken advantage of the cloud.

Discover how the highest performers scale DevOps to maximize success. Get the latest “Accelerate State of DevOps Report.”

Rob Sadowski is the Trust & Security Product Lead for Google Cloud at Google. He is responsible for creating and delivering Google Cloud’s security message, spanning platforms, applications, and connected devices. Prior to joining Google, he held multiple senior roles in strategy and marketing at RSA Security, a Dell / EMC Company and came to RSA as part of the team that drove the creation of EMC’s Security division. He is a former member of the PCI Security Standards Council Board of Advisors and has been an expert commentator on security issues to global media outlets including CNN, USA Today, the Financial Times, NPR, Fox Business, and CNBC.

Source: Google Cloud BrandVoice: Building IT Security Requires Improving Teams

Please follow my instagram: http://instagram.com/arminhamidian67

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: