Survey: Cloud, Mobile Devices Call for New Security Skills

Susan Hall
Slide Show

Five Top Mobile Device Risks and How to Protect Your Business

A survey just released by the International Information Systems Security Certification Consortium (ISC)2 provides further evidence that security professionals are becoming overwhelmed at the prospect of managing cloud-based services and the wide array of mobile devices. The organization provides certifications including the respected CISSP certification.

 

In the survey of more than 10,000 information security professionals worldwide, 73 percent ranked application vulnerabilities as a top threat to their organization while 66 percent rated mobile devices as the second-greatest risk. Industry analysts Frost & Sullivan conducted the survey for the organization.

 

As Carl Weinschenk has written, every business wants a mobile app these days and there seems to be a tussle for control of app development between vendors and service providers.

 

According to SearchSecurity.com, in the survey, 73 percent said their companies are concerned about application vulnerabilities and more than 20 percent of the security pros said they were involved in software development. Many firms are looking for IT professionals to build security into software requirements and are looking for better tools to test, debug and validate the quality of software.


 

The article quotes (ISC)2 Executive Director Hord Tipton saying:

The idea is that improving the security of software in the development lifecycle combined with more highly skilled code writers and the right people driving projects will reduce software vulnerabilities. At the same time you've got to look at the explosion in the mobile environment; the new ways that applications are being deployed are simply becoming overwhelming. ...
It comes down to biting the bullet and adopting architectures when deciding what you want to allow on the network. If you are too lenient and you allow everything on the network, you've got a lot more than you can really manage and practically all of the mobile platforms have different nuances that require different types of support knowledge.

Tipton said organizations are more concerned about potential leaks of sensitive data than about the threat of mobile malware. The survey also found:

 

  • More than 40 percent reported using Software-as-a-Service.
  • More than 70 percent reported the need for new skills to properly secure cloud-based technologies.

 

While the survey didn't go into detail about the kinds of new skills needed,

  • 91 percent mentioned a need to help business leaders gain a detailed understanding of cloud computing.
  • 81 percent said enhanced technical knowledge of cloud computing.
  • 50 percent ranked contract negotiation skills in the top three.

 

Rob Ayoub, an industry manager of information and communication technologies at Frost & Sullivan, said it's difficult to pinpoint specific cloud skills because every organization is different. But he said IT pros increasingly are being asked how to ensure data availability and security, and to meet compliance requirements during contract negotiations with cloud service providers.

 

Meanwhile, CSO quotes the survey summary saying:

The information security profession could be on a dangerous course, where information security professionals are engulfed in their current job duties and responsibilities, leaving them ill-prepared for the major changes ahead, and potentially endangering the organizations they secure.
A clear skills gap exists that jeopardizes professionals' ability to protect organizations in the near future.


Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.