IT Briefcase Exclusive Interview: The Cloud Security Skills Crisis

It’s no secret that a security skills gap is hindering cloud adoption. In fact, 49 percent of companies are delaying cloud deployment because of this issue. Enterprises of all sizes are under mounting pressure to cultivate the necessary cloud security skills for migration. That said, how can organizations safely get to the cloud before it’s too late? Srini Vemula, global product management leader of SenecaGlobal, shares more on how companies can minimize risks brought on by a lack of cloud security and address the growing skills gap.

• Q. In some cases, companies are rushing to migrate to the cloud before they have the skills needed to operate in this more complex environment. How can IT teams better foster cloud security skills?

A. A lot of the best practices which enterprises employ on premise like confidentiality, integrity and availability (CIA) can actually be transformed into the cloud as well. But companies do have to spend time understanding how on premise parameters like threat categorization, impact, frequency and uncertainty change for the cloud and develop appropriate risk mitigation strategies. Understanding cloud architecture and controls are vital to making these decisions. To get going in this new environment and bring an organization’s skills up-to-date, the Cloud Controls Matrix (CCM) from the Cloud Security Alliance and the Center for Internet Security provide excellent information and frameworks as foundational starting points.

• Q. What are the risks associated with a lack of cloud security skills in an organization?

A. The key area of risk is data governance, which includes: physical data location, secure storage, ownership and access to data. This is the highest priority of consideration when considering a move to the cloud (especially in these environments of virtualization).

Disaster recovery is an area which doesn’t get the attention it deserves, so this needs to be specifically addressed. If not, there is a significant risk that something could bring the business down.

• Q. Which industries are most at risk?

A. Companies which store personally identifiable information (PII) and payment card data (PCI-DSS) are at risk for accidental exposure and deliberate breach of sensitive information, and violation of privacy and regulatory laws. Any company which hosts its core applications has a business continuity risk if the provider is going through an outage, and needs to have a good incident response plan for mitigating such situations. Healthcare, Finance and Government would be amongst the top industries which have a higher risk potential than others.

Srini Vemula is Global Product Management Leader at SenecaGlobal, a world-class software development and technical advisory firm. Vemula has grown the open source software product development services business by leading the acquisition, management and growth of many clients resulting in multi-year engagements and multi-million dollar revenues. Prior to joining SenecaGlobal, Vemula served as Product Manager at Cordys in Hyderabad, India. 

The cloud security skills gap isn’t going away anytime soon — and neither are the risks. But given the right tools and processes, companies can foster the skills needed to safely migrate to the cloud.