Making Cloud SLAs readily usable in the EU private sector

Cloud Security Skills: a lack in the labour market

In the labour market there is a lack of cloud security specialists. This the main finding of a recent study, revealing that 46% of the organisations surveyed are experiencing a shortage in cyber security skills. The biggest deficiency regards cloud security specialists, which poses a problem for 33% of the interviewees.

 

 

 

 

 

Certain skills are required across all uses of public cloud. IT teams need to know:

  • encryption and data loss prevention controls for content-rich cloud applications;
  • how to collect information about data location;
  • cloud service providers offers on data protection;
  • how to integrate data protection policies with the company policies;
  • especially for SaaS, the security teams needs to be familiar with security violation monitoring tools;
  • post-incident analysis skills;
  • for PaaS deployments, IT team also need to have skills to ensure that native cloud applications are developed with security built in at the API level;
  • for IaaS environments arise the need of skills on usage monitoring, as well as the ability to manage security incidents.

 

But softer skills, such as audit and compliance, are also needed on both the demand and supply sides as a universal skill. Security professionals require skills for continuously monitoring compliance and threats across SaaS, PaaS, and IaaS. Requirements around data storage can vary dramatically by country, requiring in-depth knowledge of local regulations regarding where data resides and how it is transmitted for any geography in which you do business.

Finally, IT teams should secure audit rights to examine the provider’s practices and ensure if the proper certifications are in place. Herein lies the importance of Service Level Agreements (SLAs): audit rights that can be built into a SLA as a way to make sure the provider complies with corporate policies and government regulations.

For more insights on SLAs, common vocabularies, best practices and standardisation, go to our Common Reference Model.

SOURCE:

Securing the Hybrid Cloud: What Skills Do You Need?, Brian Dye, blog.cloudsecurityalliance