Competing Cloud Security Demands Call For Credentialed Professionals

Demand For Credentialed Professionals

It is not possible to stare with absolute clarity into the future. None of us has a crystal ball. But there is certainty in knowing that the path to progress on which our future lies curves steeply upwards. Gordon Moore originated a concept, now called Moore’s Law, in 1965. It was intended to describe the constant doubling of processing power in semiconductor chips every two years in an exponential fashion. Although this law was originally designed to describe the progress of computer components, it has subsequently been adapted by numerous futurists to reflect the pace of human technological change in general.

Transistor_Count_and_Moore's_Law

Technologies such as the cloud, mobile devices, and the Internet of Things have not only increased collective processing power, but have also distributed it worldwide so that human beings from every corner of the planet can access and use the technologies. This is good news when efforts are applied to innovation and progress, but not so good news in terms of threats to network security.

Following the upward progression of Moore’s Law, security specialists face an ever-increasing variety and sophistication of attack vectors, happening 24 hours a day and mutating constantly. It becomes increasingly difficult to guard a castle when the attackers are so numerous, agile and versatile, but such is the life of the cloud security professional.

Cat And Mouse With Attackers

For many organizations, IT-related security professionals play a game of cat and mouse with attackers, and this is usually performed in reactive, firefighting mode. At a senior management level, a lack of true understanding of the severity and frequency of attacks, combined with perpetual concerns over costs, have left many organizations understaffed in this area. The problem with this scenario, much like it is in any war, is that strategies cannot be deployed without a higher level vision and a long-range plan. Security specialists who exist purely in firefighting mode represent common foot soldiers, marching or running toward battle but with little overarching strategy of how to outflank the enemies in a more decisive fashion.

Cloud security is a profession that, possibly more than most, cries out for effective time management. Deficiency in this skill is generally not because of any ignorance of its importance, but simply a result of the workload at hand. Most security specialists readily state that given their choice they would prefer to invest a portion of their working time to research, education, and preparedness planning. This, they feel, would lead to far more effective security protocols, both in terms of technological barriers and also in teaching employees the correct techniques and habits for safe computing, password management and general network security hygiene.

Assignment of time in this fashion is an ideal implementation of the Pareto principle, otherwise known as the 80/20 rule, in this case, pointing to the fact that more could be achieved by dividing the workload into two camps: planning and preparedness (20%), and then action and deployment (80%). Only by allowing time for research, review and strategy, can a security professional and the employer gain the upper hand in the constant battle with cloud-based enemies.

Malware Fridays

A simple example of the strategic clarity that the 80/20 principle can deliver is the Friday effect. Network security company Cyren pointed out recently that Fridays are the most dangerous days for the delivery of Malware.

This is predicated on the fact that employees prefer to take their devices home with them for the weekend, and consequently turn to less-than-secure Wi-Fi connections for doing work and returning emails. When employees work outside a secure firewall, cyber criminals can exploit this weakness, leading people to unwittingly download malware, which is then reinserted into a company’s network upon their return to work on Monday. This type of strategy, which may appear fiendishly straightforward, has a pattern that can best be perceived through a higher level view, and is not available to be picked up by security specialists already overwhelmed by immediate crises.

Seeking Certified Professionals

As companies invest in cloud security, they should be seeking certified professionals, such as the Certified Cloud Security Professional (CCSP℠) from (ISC)2®, a global leader in information, cyber, software and infrastructure security certifications, who have the demonstrated experience, knowledge and skills to competently address the many challenges of this role – from reacting to threats to ongoing maintenance of secure cloud infrastructure to communicating effectively with business leaders. This is a lot to ask of any individual and, similarly, it is a lot to ask of a company: allowing time for the expert to prepare for the future while battling the present. It requires resources, and senior-level commitment.

The one constant, however, is that this will not change. In fact, it will only increase. A certified cloud security professional is there to establish and maintain appropriate defenses so organizations can benefit from the full power of cloud computing to grow their business.

For more on the CCSP certification from (ISC)2 please visit their website. Sponsored by (ISC)2.

By Steve Prentice

Jonathan Custance
IoT –  Part of Your Essential Kit Jonathan Custance, Co-Founder of Green Custard outlines how industrial organisations can leverage IoT to dramatically reduce their carbon footprint  Technological progress and environmental sustainability have always been at ...
Gary Bernstein
Most Dangerous Botnets While it’s no secret that the technical sophistication of cyber-attacks grows exponentially, adversaries often need widespread networks to make it happen. One of the ways to do that is to infect legitimate ...
Louis
Manufacturers’ Top Demands For Quality Software Competing on product quality has never been more urgent as rising raw material and component costs continue to squeeze manufacturers’ margins. At the same time, unpredictable supply chains make ...
Using Data Scraping to Learn What You Need to Know
Data Scraping Opportunities How can you know what you don’t know? It sounds like a rhetorical question, but it is in fact a vital component of business strategy. As much as any company or organization ...
The all-new Stellar Repair for MS SQL – an Efficient Tool to Fix SQL Database Corruption
Efficient Tool to Fix SQL Database Corruption SQL database corruption is not uncommon. There are many reasons for SQL database corruption, such as virus infection, bugs in the SQL Server, errors during updates, abrupt system ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.