The Perfect Storm: Lack of Security and Cloud Skills

Blog AWS Security Cloud Security

It is a fact that the security industry suffers from a chronic shortage of skilled employees. This global shortage, which ISC2 estimates at 4 million professionals. The global workforce is estimated at 5.5 million people, meaning it nearly needs to double itself to keep up with growing demand.  This is so profound that 71% of organizations report that the cybersecurity skills shortage has impacted them, making it difficult for cybersecurity professionals to do their job.

But wait. There’s more. As if the security skills gap was not challenging enough, organizations now need to address a similar problem in an adjacent field of cloud computing. The rapid adoption of cloud technology demands many more skilled professionals in this field. Sadly, in this case too, the demand greatly exceeds the supply, and the shortage is effecting nearly all organizations. According to a recent survey, nearly all (98%) of global organizations are facing a cloud skills gap. So, when discerning these two trends we can clearly identify that the most acute shortage lays in the converging point between traditional security and the cloud.

What are the immediate implications of this shortage?

This shortage is impacting organizations in different ways. Shortage of security professionals tends to impact the “here and now” while shortage of cloud professionals usually impacts future plans and activities.

Shortage in security personnel creates load on existing security teams. This leads to mistakes and security breaches. It is forecasted that by 2025, lack of talent or human failure will be responsible for over half of all significant cybersecurity incidents. This increased load on existing teams accelerates churn and burnout. It is also detrimental for adopting new products and technologies that could improve security posture.

Shortage in cloud personnel results in slower adoption of cloud technologies, imperfect adoption of security procedures and products (about 25% organizations reported insufficient expertise and training to implement cloud security effectively) and the result is more errors which lead to more security incidents.

What should be done?

Expecting the academia, government or the industry to suddenly produce the required number of trained professionals is naïve (even though the US government is working to address this issue with its recently published “National Cyber Workforce and Education Strategy” and budget allocation). Instead, organizations need to rethink their security and cloud strategies. Instead of thinking of these as two different silos, a single “Cloud-forward” strategy should focus on cloud adoption while maintaining adequate security levels and leveraging the existing manpower. Then, organizations need to adopt security measures that reduce load, that proactively seek and repair vulnerabilities and misconfigurations, and allow even junior analysts to make informed decisions in real-time. Oh- and these products need to be installed and implemented in a breeze- otherwise, there will be no one who could use them.

Summary

With time, security professionals will become cloud security experts. It will happen because most of the systems they will work with will be operating in cloud environments, and because these professionals will see this is a way to “future-proof” their careers. Nearly half of security professionals today see cloud security as the most sought-after skill for career advancement. In the future, security professionals will probably by synonymous with “cloud professional”. But until this happens, organization must acknowledge that the shortage exists, that it’s not going to be resolved anytime soon, and that implementing the right technology today can great reduce the inherent risks of understaffed, underqualified, overworked security teams.

With this in mind, organizations should incorporate automation and AI-based security platforms into their cloud security. Skyhawk Security’s AI-based autonomous purple team continuously analyzes customer cloud infrastructure, proactively runs attack simulation against it and uses the results to prepare verified detections, validated automated response and remediation recommendations to ensure the cloud has the most up to date security defenses in place. This continuous protection process includes learning and automated adaptation of threat detection methods.

Blog

Over the past year there have been several prominent cyber incidents involving the cloud. These incidents have illustrated the dependency of organizations on the cloud, the vulnerability of the cloud and the motivation of attackers to utilize this to their

AICloud BreachCloud SecurityThreat Detection
Blog

Russian hackers are shifting their interest to the cloud, and have successfully breached cloud infrastructure. This is what a joint advisory issued by the U.K.’s National Cyber Security Centre (NCSC), the NSA, CISA, the FBI, and cybersecurity agencies from Australia,

AICloud BreachCloud SecurityThreat Detection
Blog

The common joke around security folks is that everyone knows what a password is, but not many remember their own passwords. But even so- passwords are an essential security mechanism and now, NIST is updating its recommendations regarding passwords policy,

AICloud BreachCloud SecurityThreat Detection
Blog

When evaluating a cloud security solution, it is imperative to know how well it will detect threats in time to prevent a breach. Here are three examples out of many in which our customers were able to detect an incident

AICloud BreachCloud SecurityThreat Detection
Blog

In honor of Cybersecurity month, Skyhawk Security is offering a free 30-day subscription to the complete platform.   Why try Skyhawk Security?  Your Security and Development teams are overwhelmed with the number of CNAPP findings. There is a constant argument between

AICloud BreachCloud SecurityThreat Detection
Blog

When Skyhawk set out to develop a new cloud security solution it was already clear that traditional security paradigms were not appropriate for cloud environments. Traditional security was built to secure on-premises environment. These environments were protected by numerous security

AICloud BreachCloud SecurityThreat Detection

Thanks For Reaching Out!

One of our expert will get back to you
promptly at asafshachar@gmail.com

See the Purple Team
See the breach before it happens
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.