The need for talented IT professionals remains a top concern for most organizations. According to one recent report, organizations say they currently face skills shortages across a range of IT specialties, including server/systems administration (43%), general network administration (36%), and database administration (31%). The lack of seasoned cybersecurity professionals is even worse, with a skills gap estimated at just under 3 million workers. As a result, according to a report from ESG, 53% of survey respondents reported a problematic shortage of cybersecurity skills at their organization. And that’s just for general cybersecurity personnel needed to support and secure primarily traditional network environments.
But as networks rapidly expand to include the cloud, the problem becomes even more acute. Nearly a third of organizations have identified a challenge in locating individuals capable of managing converged infrastructures that blend traditional and cloud networks into a coherent networked environment. The lack of trained personnel in the area of cloud networking and development is a similar IT challenge, with 41% of organizations struggling to find skilled DevOps professionals, and 37% looking for folks with skills in container administration.
So it’s no surprise that finding security professionals with cloud skills can be like finding a needle in a haystack. As a result, security deployed in the cloud tends to be just like the security running on the physical network: isolated. To make things worse, the security policies, devices, configurations, and protocols deployed on the cloud are often run by an entirely different team, which means there is little consistency in terms of enforcement, correlation, management, or orchestration.
Of course, cybercriminals are all too willing and able to exploit those security gaps between different networks that still need to share data and workflows.
Here is a breakdown of some of the key security skills gap challenges faced by organizations operating cloud networks and services.
1. Cloud Native Security — Organizations adopting cloud networks generally recreate the same security problems that exist in their traditional networks. First, they tend to add security as an afterthought, usually after their cloud infrastructure plans have already been designed. Next, they tend to implement the same legacy solutions in the cloud that they have been using in their core network. Many vendors have simply loaded virtual versions of their physical security devices into the cloud store, and organizations select them because they believe they already know them.
However, these solutions tend to have several serious problems:
Cloud security experts need to be able to deploy, configure, and manage cloud native solutions designed to run in the same elastic and distributed way that cloud applications run and that modern cloud computing platforms require — which is very different from traditional security tools.
2. DevOps vs DevSecOps — Security professionals need to be integrated into your DevOps team in order to ensure that security is built into applications, infrastructure, and services from the beginning at the beginning of every project. Agile application development, for example, needs to be able to link application functionality—especially when critical data is being handled—to security functions in a single, reliable chain in order to protect users without compromising the effectiveness and performance of the application. Generally speaking, this requires skills outside the scope of most cybersecurity professionals focused on mainstream network security strategies.
3. Container Security — This becomes even more challenging when implementing specialized environments, such as containers, that require specific security solutions to be in place. Container security needs a security professional capable of addressing specific challenges, including:
4. Multi-Cloud — These challenges are compounded when spread across multiple cloud environments. And with some experts estimating that 81 percent of enterprises currently have a multi-cloud strategy in place, this is just about everyone.
The challenges in a multi-cloud environment include:
The lack of skilled cybersecurity professionals, especially for cloud environments, may represent an existential crisis to our fledgling digital economy. Addressing this challenge requires a concerted effort on the part of both the private and public sectors of our communities. In the meantime, organizations need to identify IT personnel—preferably, someone with a DevOps background—that can be specially trained in the area of cloud security.
Those individuals then need to be embedded in both the IT security and DevOps teams to not only implement effective security solutions, but also serve to bridge the divide between traditional IT and the cloud. Failure to understand and effectively implement a cloud native security strategy can leave your organization vulnerable to policy and enforcements gaps, as well as limit the performance and functionality of your cloud infrastructure, applications, and services. And that can determine whether or not your organization is able to thrive in today’s digital marketplace.
Learn more about how Fortinet’s NSE Institute provides critical cybersecurity training and education to solve the cyberskills gap and prepare a future cybersecurity workforce.
Learn more about how Fortinet’s multi-cloud solutions provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.