BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Skills Shortage Threatens Cloud Security

Forbes Technology Council

CEO and cofounder of Ermetic, a provider of public cloud security technology for AWS, Azure and Google Cloud infrastructures.

The concept of digital transformation has been with us for almost a decade now, and it has become the driving force behind the IT efforts of most enterprises and almost always involves multicloud deployments. In fact, 71% of respondents to a recent survey agreed that it’s “difficult to realize the full potential of a digital transformation” without a multicloud strategy. At the same time, 41% of the executives don’t think their security initiatives have kept up with digital transformation.

One of the primary roadblocks to implementing a strong cloud security posture is the fact that each major public cloud platform uses a different approach and tools for protecting its infrastructure. For example, AWS, Azure and GCP don’t handle basic security functions such as identity and access management (IAM), privileged access management and VPNs in exactly the same way. There are nuances that must be taken into account in order for security measures to work properly.

The Talent Crunch Meets The Budget Crunch

The professionals who understand these nuances are not easy to find. According to one study, there were roughly 715,000 unfilled cybersecurity positions in the U.S. in 2021. There are few IT organizations that aren’t suffering from a lack of skilled security personnel, and the competition for talent is intense.

The combination of rising interest rates and fears of an economic slowdown has made matters even worse. Corporations are tightening their purse strings. Roughly 35,000 technology workers have been laid off this year, and many of the largest companies have either implemented hiring freezes or at least cut back. For example, Meta has cut back its hiring plans by 30%. Forced to operate with reduced budgets, IT organizations that manage to locate candidates with the right skill set may not have the budget to hire them.

Upskilling: The Win-Win Alternative

Faced with this situation, one of the best alternatives is to upskill current employees. It provides a win-win proposition for organizations and their employees that has important benefits beyond removing the security-related barriers to digital transformation.

• Retention - According to a Gallup survey, 61% of workers consider the existence of upskilling programs as “extremely” or “very” important when deciding whether or not to remain in their current job.

• Productivity - Companies with strong training programs achieve a 218% higher income per employee than those that lack such programs.

Companies that choose to take the upskilling path have several options. One of them is internal training, although this approach may be met with budget problems during an economic downturn. An outside resource is probably more practical. There is no shortage of resources. Some training companies, such as Coursera, have a broad range of offerings. Others, like Cloud Academy and A Cloud Guru, are highly specialized. Many large organizations form partnerships with universities or community colleges, as well as professional organizations such as ISACA, ISSA, SANS and others as a foundation for their upskilling efforts.

As might be expected, employees strongly prefer upskilling programs where their company foots the bill over self-paid programs (71% vs. 34%). They also strongly favor programs that take place during working hours vs. on their own time (65% vs. 46%).

Guidance Counts

Whatever form an upskilling program takes, it’s clearly important to ensure that employees’ new skills match those that are needed to bolster cybersecurity in the context of digital transformation. This is not necessarily an easy task. Multicloud and hybrid environments are uncharted territory, at least to some extent, and it may not be self-evident which skill sets are needed. A cloud-oriented security maturity model can be an enormous help in planning an upskilling program.

Maturity models typically comprise four or five levels that go from an unstructured, ad hoc approach with no dedicated individuals for cloud security to one where major security processes like incident detection and response are automated, and security measures are incorporated into the development process.

In today’s business world, where digital transformation is a crucial competitive factor, and the security personnel essential to that transformation are in short supply, upskilling is central to success. Guiding upskilling efforts with a clear security maturity model that is supported by a cloud center of excellence makes the process more efficient and much more likely to deliver the desired business results.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?


Follow me on Twitter or LinkedInCheck out my website