Information Security Professionals Need New Skills to Secure Cloud-based Technologies, Study Warns
More than 70 percent of information security professionals admit they need new skills to properly secure cloud-based technologies, a survey conducted by Frost & Sullivan and sponsored by (ISC)2 revealed. The 2011 (ISC)2 Global Information Security Workforce Study (GISWS) is based on a survey of more than 10,000 (2400 in EMEA) information security professionals worldwide and some of its findings are alarming, including the fact that a growing number of technologies being widely adopted by businesses are challenging information security executives and their staffs.
The widespread use of technologies like cloud computing and deployment of mobile devices jeopardizes security of governments, agencies, corporations and consumers worldwide over the next several years, the survey said.
The survey also finds that most respondents believe they and their employees need new skills to meet the challenges of new technologies like cloud computing and the growing number of social networks and mobile device applications. Actually, these findings are not surprising since information security professionals have always been a step behind the growing number of new technologies that appear very fast. One could not expect that information security staff will be well-prepared to answer all security threats related to fast paced market of cloud computing and mobile devices. Moreover, information security professionals are under pressure from end-user who want new technologies to be deployed as soon as possible, sometimes underestimating the related security risks.
“In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around. Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide,” Robert Ayoub, global program director – network security for Frost & Sullivan, commented in a press release.
More alarming is that cloud computing illustrates a serious gap between technology implementation and the skills necessary to provide security. Over 50 percent of respondents admitted they are using private clouds (55 percent EMEA), with over 70 percent (75 percent EMEA) realize the need for new skills to properly secure cloud-based technologies.
However, respondents reported application vulnerabilities as the greatest threat to organizations with 72 percent of those surveyed worldwide are ranking application vulnerabilities as No. 1 threat.
Mobile security could be the single most dangerous threat to organizations worldwide, the survey revealed, while about 70 percent (67 percent EMEA) of respondents reported having policies and technology in place to meet the security challenges of mobile devices.
Social media is another big threat, and respondents reported inconsistent policies and protection for end-users visiting social media sites, according to the study. Viruses and worms, hackers and internal employees are considered less threatening compared to 2008, the most recent year of the study.
Demand for information security professionals will continue to grow at 13.2 percent a year until 2015, reaching 4.2 million (1.15 million in EMEA) compared to 2.28 million (over 617,000 in EMEA) in 2010. Regulatory compliance demands, greater potential for data loss via mobile devices and mobile workforce, and the potential loss of control as organizations shift data to cloud-based services are among the most important factors behind the growing demand for professionals.
“We are seeing a paradigm shift in how organizations are operating, brought on by the triple impact of cloud computing, the pervasive use of mobile devices and social media via the corporate network, along with the wave of new applications being developed to support it all,” John Colley, CISSP, managing director for EMEA of (ISC)2, commented.
The survey was conducted among 10,413 information security professionals from companies and public sector organizations around the world in the fall of 2010, including 61 percent in the Americas, 22.5 percent in Europe, the Middle East and Africa, and 16.5 percent in Asia Pacific. Forty-five percent (42 percent EMEA) were from organizations with over 10,000 employees.
By Kiril Kirilov