Page 76 - Cyber Warnings
P. 76
Securing the Hybrid Cloud: What Skills Do You Need?
Raj Samani, chief technology officer, EMEA, Intel Security Group
Hybrid cloud models offer many well-documented benefits, but they also introduce more
complexity for securing data and applications across the enterprise. And this added complexity
requires an increasingly diverse skill set for security teams. That’s a challenge, considering the
growing cybersecurity skills shortage. In one recent study, 46% of organizations said they have
a “problematic shortage” of cybersecurity skills – up from 28% just a year ago. One-third of
those respondents said their biggest gap was with cloud security specialists.
Modern security teams require a broad and deep mix of technology skills, ranging from twists on
traditional network and OS technology all the way to security on data itself, to address a rapidly
evolving threat landscape. But they also need “softer” expertise, such as knowledge of
compliance regulations and vendor-management skills. Driving this dual focus is the public
cloud’s “shared responsibility model,” in which service providers and enterprises divvy up
various levels of protection across the IT stack. These responsibilities – and the requisite skills –
vary depending on the type of public cloud service.
Security Skills
Certain skills are required across all uses of public cloud. For example, you’ll need in-house
expertise with encryption and data loss prevention controls for content-rich cloud applications.
Your IT teams need to know (and track) where your enterprise data resides in the cloud, what
offerings your cloud service providers offer for data protection, and most importantly, how to
integrate data protection policies in the cloud with your own company policies. On a similar note,
your team will need sophisticated identity and access management (IAM) and multifactor
authentication, including tokenization, regardless of whether you’re deploying SaaS, PaaS,
IaaS, or a combination of those services.
For SaaS, your security teams needs to be familiar with the various applications in use and how
to use logging and monitoring tools to detect security violations and alert appropriate IT staff.
Post-incident analysis is a critically important skill for mitigating active threats and improving
your security posture for future threats.
For PaaS deployments, you will also need to add skills to ensure that native cloud applications
are being developed with security built in at the API level. Adoption of open security APIs can
help to bridge the gaps among proprietary cloud environments.
For IaaS environments, the ability to provision software-defined infrastructure carries the need
for highly technical security professionals who can create policies for server, storage, and
network security on AWS or other platforms. These skills include the ability to monitor usage of
compute, storage, networking, and database services, as well as the ability to manage security
incidents identified in the cloud platform you’re using.
76 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
