Cloud Security, Training, Security Staff Acquisition & Development
Don’t let the IT skills gap hold back cloud security

Today’s columnist, Sudha Iyer of Illumio, offers a strategy for companies to maintain effective cloud security even while facing the ongoing IT talent shortage. (Stock Photo, Getty Images)
The years-long IT talent shortage isn’t a trend: it’s now the status quo. The World Economic Forum reports a shortfall of 3.4 million cybersecurity experts, a problem the industry won't soon solve.Yes, the skills gap burdens understaffed IT security teams tremendously, but don’t let that become an excuse for lacking effective cloud security outcomes. While many companies can’t hire additional personnel, there are other ways to harden the organization’s cloud security posture. Building resilience while short-staffed will require recalibrating the company’s security strategies.Today's strapped security teams must adapt as developers often build cloud infrastructure to meet business needs at a rapid pace, with each change posing potential misconfiguration risks. In this new threat landscape, the security team can no longer protect an organization’s cloud infrastructure alone. Cloud security and building resilience from the get-go must become everyone’s responsibility.In a world where breaches are inevitable and security teams are spread thin, it’s also essential to implement a more proactive approach to securing cloud infrastructure than the model organizations have relied on for decades. Security teams can’t set up a network perimeter and monitor for attacks because there’s no perimeter around the cloud infrastructure. They have to verify the access and authentication with every call made. No matter how many security personnel the company employs or the technologies implemented, there’s no way to prevent 100% of all attackers from finding and exploiting a vulnerability—a breach will occur, if one hasn’t already. The enterprise must now focus on risk management and not trying to resolve every potential vulnerability and suspicious activity. Enterprise networks are dynamic and what was a top-of mind-issue last week can dramatically change this week because of evolving macro conditions, industry, or the company itself. Companies can raise awareness by conducting tabletop exercises—discussion-based sessions on emergency scenarios like data breaches. If the organization never held a tabletop exercise, the National Institute of Standards and Technology (NIST) offers a comprehensive guide to get the team started.Other proactive measures can also help ensure the organization is more agile when responding to potential breaches. I recommend regularly conducting penetration tests to simulate attacks and to identify vulnerabilities. These tests can discover weaknesses before malicious attackers do, thereby improving an organization's overall security posture. Additionally, hold regular employee education and training sessions, not just once during the new employee onboarding process. Make everyone in the organization an extension of the security team.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds