It's Time to Secure that Cloud...but What Skills Do You Need?

By Steve Anderson
Contributing Writer

The cloud is an increasingly valuable part of our everyday operations, and it shows. From video conferencing to file sharing and a host of other activities, we call on the cloud to get the job done. Yet with all that information going through the cloud, we must also be careful to protect it. That's a taller order than some expect.  And, a new Cloud Security Alliance (CSA) industry blog by Brian Dye, Corporate Vice President & General Manager/Corporate Products, Intel (News - Alert) Security Group, helps illustrate just what skills we'll need to secure the cloud.

The problem with summarizing what skills are needed is to first decide what breed of cloud-based service will actually be used. Next is whether the focus will be on the provider or user side of things. Realities are that some skills, thankfully, are universal, particularly those involving encryption and data loss prevention. Dye’s list of universal skills also includes: 

• Tracking and locating data on the cloud
• Policy management
• Identity and access management (IAM) systems

The reasons are simple, i.e., such skills are useful whether you are working on the provider side or on the user side.

Additionally, there's a value in compliance and audit skills. In fact, with service level agreements (SLAs) becoming increasingly part of the cloud-based landscape, it becomes important for both sides to know just how often the system is up and active and how often it should be, so as to determine if the SLA is being honored. The user end is obviously is looking to ensure the most runtime, while the provider end is seeking to meet and hopefully exceed customer expectations.

The growth of new private clouds is also noted as a place where training and certifications are going to be important since such implementations allow enterprise users to keep the cloud as more of an in-house proposition. This means having truly skilled professionals with specific security knowledge that often relates to extensive platform education for the likes of virtual machines or the OpenStack framework. Greater network insight and functions related to software-defined networking (SDN) are also suggested parts of the repertoire by Dye. 

What is important to understand from reading the posting is that Dye is providing examples.  Indeed, this should be viewed as just a short list of the skills that will be required to assure enterprises, and for that matter their service providers, have employees with the skills needed to provide the best possible protection as clouds of all types, and hybrid deployments, continue to accelerate for ever more mission critical applications and services. 

As frequent visitors to the Cloud Security Resource Community are aware, regardless of whom the employer is, service provider or enterprise, there is a shortage of skilled professionals to fill key positions. That is good news for those looking to advance their careers by taking advantage of additional cloud security training and certifications, and for those seeking entry into a career that is only going to become more “mission critical” itself as the world becomes more cloud and software-centric, and those with malicious intent continue to look for what are expanding vectors of vulnerability to exploit.