Organisations struggle with skills to secure cloud
Survey by Cloud Security Alliance shows lack of security skills still a barrier to cloud adoption
Lack of skills, not lack of budget, is the biggest challenge for securing applications in the cloud, according to a survey by the Cloud Security Alliance, and cloud security company Skyhigh Networks.
The global survey of 228 IT and IT security professionals found that while there is a growing adoption of cloud solutions in various models, organisations still see a lack of security skills as a barrier to being able to get the most from new technologies.
The survey found that IT security budgets will rise for 53.7% respondents in the next 12 months, up from 44.5% of budgets that increased in the last 12 months, and only 5.7% expected their security budget to be cut in the next 12 months.
Despite the increase in spending, a previous CSA survey identified lack of trained security personnel as an ongoing issue for 30.7% of organisations to be able to effectively prevent data loss.
The new survey showed that despite increasing reliance on PaaS and IaaS cloud offerings for infrastructure, with 45.1% of organisations using a hybrid model of public and private cloud services, security concerns are still at the forefront for PaaS adoption. Among the barriers cited to PaaS are platform security concerns (62%); an inability to secure apps in IaaS environments (40.5%) and lack of control over jurisdiction and data sovereignty for privacy compliance (37.9%).
There is a difference of opinion between IT workers and IT executives on how to remedy the skills gap, with workers preferring that they receive more training in security (32%), while leaders want to hire new security staff (37.1% of respondents). Eighteen percent of respondents are looking to IT security graduates to address the problem, while only 4.4% would outsource security.
The shift to cloud is also influencing the skills required to manage IT, with more importance placed on incident response management capabilities (80%); experience with large datasets (75%) and the ability to communicate with non-IT departments (66.4%).
Survey respondents are also looking for new technology solutions to address the cloud, with all of the IT professionals surveyed who have experience with endpoint controls reporting significant challenges with these deployments, and 32% saying that security incident alert solutions are ignored due to too many alerts and a lack of actionable information in alert reports.
Organisations varied in their approach to securing the cloud, although 70% said that they believe the cloud application provider should not also be the security provider. Ffity-six percent would like a single application to handle security for all their cloud deployments, while 38% manage security for each app separately.