When It Comes to Cloud Security, It’s All About the People

The Human Factor: 5 Security Blunders People Keep Making

Recently, I wrote about cloud security and research by the Cloud Security Alliance (CSA) that found that IT professionals are becoming more comfortable with cloud security, but that the one concern that still looms over cloud security – and all security, for that matter – is the lack of qualified security professionals on hand.

That this lack of security professionals remains a problem hints that the real threat to better cybersecurity is people, and this is especially true when it comes to cloud security.

A new survey from Alien Vault finds that not only will it take time to close the skills gap, companies are having a tough time retaining the security professionals on their staff. The research found:

… ‘more challenging and exciting work’ was the most popular reason (33.9%) that made skilled IT employees want to change jobs. Not surprisingly, salary came in at second place (cited by 23.14% of respondents) and flexible work conditions (16.81%) came in third. Training, certification and having the ability to continue to learn new skills was also a leading reason that was often cited as the second or third ranked choice of an employee.

Even when the security professionals are available, they may not have the skills needed to monitor the security of the data in the cloud. It harkens back to that old debate over who is responsible for data (and the security thereof) in the cloud – the service providers or the company contracting the cloud service. As Kaushik Narayan wrote at Dark Reading, it is time for the cloud customer to step up and do its part in cloud computing security, citing a Gartner report that said by this year, nearly all of cloud security incidents will be the fault of the customer, not the service provider. The reason? We’re still seeing a lack of training specifically focused on cloud security. Citing the CSA study, Narayan wrote:

CSA survey respondents specified a lack of expertise as the biggest barrier to effectively detecting and stopping data loss in the cloud. This finding represents a huge pain point for companies; attitudes and technology have advanced to the point that more companies than ever are willing to take advantage of the benefits of cloud, yet the lack of human expertise is still holding back progress.

Security is all about people – the people we put in charge to monitor tools and controls and the people who access the network. Yes, cloud security is getting better because many of the tools are improving and we understand cloud computing much better than we did before. But is your company doing enough to ensure that the actual security professionals are getting the training they need, and are you doing enough to keep them around? Maybe “more challenging and exciting work” will include the “new” frontier of cloud security.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba