A survey just released by the International Information Systems Security Certification Consortium (ISC)2 provides further evidence that security professionals are becoming overwhelmed at the prospect of managing cloud-based services and the wide array of mobile devices. The organization provides certifications including the respected CISSP certification.
In the survey of more than 10,000 information security professionals worldwide, 73 percent ranked application vulnerabilities as a top threat to their organization while 66 percent rated mobile devices as the second-greatest risk. Industry analysts Frost & Sullivan conducted the survey for the organization.
According to SearchSecurity.com, 73 percent of those surveyed said their companies are concerned about application vulnerabilities, and more than 20 percent of the security pros said they were involved in software development. Many firms are looking for IT professionals to build security into software requirements and for better tools to test, debug and validate the quality of software.
The article quotes (ISC)2 Executive Director Hord Tipton saying:
The idea is that improving the security of software in the development lifecycle combined with more highly skilled code writers and the right people driving projects will reduce software vulnerabilities. At the same time you've got to look at the explosion in the mobile environment; the new ways that applications are being deployed are simply becoming overwhelming. ...
It comes down to biting the bullet and adopting architectures when deciding what you want to allow on the network. If you are too lenient and you allow everything on the network, you've got a lot more than you can really manage and practically all of the mobile platforms have different nuances that require different types of support knowledge.
Tipton said organizations are more concerned about potential leaks of sensitive data than about the threat of mobile malware. The survey also found:
While the survey didn't go into detail about the kinds of new skills needed, Rob Ayoub, an industry manager of information and communication technologies at Frost & Sullivan, said it's difficult to pinpoint specific cloud skills because every organization is different. But he said IT pros increasingly are being asked how to ensure data availability and security, and to meet compliance requirements during contract negotiations with cloud service providers.
Meanwhile, CSO quotes the survey summary saying:
The information security profession could be on a dangerous course, where information security professionals are engulfed in their current job duties and responsibilities, leaving them ill-prepared for the major changes ahead, and potentially endangering the organizations they secure.
A clear skills gap exists that jeopardizes professionals' ability to protect organizations in the near future.