Actu
(ISC)²: Security professionals focus on technology skills for cloud computing, research highlights
January 2011 by (ISC)²
Information security professionals may be focussing on familiar territory rather than new paradigms when it comes to skilling up for the cloud, suggest early survey results from the 2011 (ISC)2 Global Information Security Workforce Study (GISWS) conducted by industry analysts Frost & Sullivan. According to the survey, 73 percent of more than 7,500 (ISC)2 certified professionals participating in the survey said that cloud computing requires new skills for security professionals. (ISC)2® (“ISC-squared”), the world’s largest information security professional body and administrators of the CISSP®, commissioned Frost & Sullivan to conduct this fifth edition of the most comprehensive study into the information security profession, and will release the final report on February 17.
When asked what new skills would be required for cloud computing, half of the participants identified contract negotiation skills as one of their top three requirements. This selection trailed the desire to develop a detailed understanding of cloud computing chosen by 93 percent, as well as the desire for enhanced technical knowledge chosen by 81 percent of participants.
“It is surprising to see such an emphasis on technology and detail when we are looking at a trend involving outsourcing the management of it. Professionals, the majority of whom have a technical background, appear to be focussing on the familiar. The instinct to develop skills for the new operational dynamic introduced by cloud computing may still be elusive for many,” says Robert Ayoub, CISSP, Frost & Sullivan lead analyst on the study.
Over half of the members surveyed said their organisations are using cloud computing at some level. 16 percent said their organisations are using public cloud services, and 42 percent identified their use of software as a service (SaaS). For participants, the exposure of confidential or sensitive information, data loss or leakage is of greatest concern to them, with 85 percent rating this as a top or high concern. This was followed by significant concern over weak system or application access controls (68 percent), susceptibility to cyber attacks (65 percent) and disruption in availability (62 percent).
“The concern over risks to data suggests that we as a profession recognise the need to master our understanding of how data is used and valued by the business and its customers. This goes beyond understanding the technology and detail of the systems. IT is a tool of the business, and it is the business itself, its processes and the information it uses that must be understood,” says John Colley, CISSP, managing director EMEA, (ISC)2 .
Survey participants were also asked whether cloud computing was likely to impact demand for information security professionals. The results revealed significant optimism, with less than 10 percent believing that cloud would reduce demand and about half believing the trend toward cloud would increase demand for security professionals.
The (ISC)2 Global Information Security Workforce study is commissioned biannually and has been tracking significant trends since 2004. The study surveys both (ISC)2 members and the wider security community, accumulating input from professionals in more than 100 countries to examine the skills professionals are working to attain, education and qualifications, experience, growth in the workforce, reporting lines and accountability, salaries and budgets, along with the issues influencing security management and driving demand for security professionals. Early results reflect findings of the members’ portion of the survey.
