Increasing cloud adoption is driving the need for a secure operating environment as well as the skills necessary to maintain this environment.
This is according to Gavin Lingenfelder, cloud services lead at Pamoja, who says all-round security skills to support cloud adoption are in high demand, especially with regards to hybrid cloud solutions.
Lingenfelder says a standardised environment that operates according to a set of security policies, absolutely enforced, is a prerequisite for businesses that want to leverage the "power of the cloud".
He says the offer of flexibility of on-demand resources on a pay-as-you-use model through the cloud, and the advantage of an automated solution to simplify disaster recovery processes, risk and cost reduction, is only attainable through a secure operating environment.
"A secure operating environment is not just about protecting the perimeter but involves translating compliance requirements into a technology implementation. This requires practical skills and knowledge around data protection, privacy standards, encryption and malware protection. Additional skill sets of value include identity management, authentication methods and auditing," he explains.
Although he believes the market understands the significance of a secure operating environment, the issue is often relegated to the back of the queue in terms of priority or is only seriously considered when there is a breach, which could be catastrophic to an organisation. "It's not about just restoring data and recovering environments; imagine sensitive data being made available to competitors?" he asks.
The critical role that these security skills play is emphasised through key business disciplines such as disaster recovery and business continuity.
Lingenfelder says many businesses believe having a disaster recovery plan in place is sufficient - but this is not the case. "The truth is that a disaster recovery plan is only a small portion of the business continuity plan. Business continuity is making sure your business can continue operating during a disaster and, most importantly, can survive a disaster."
It is here where assessment is fundamentally important. Regular assessment has to involve a great deal more than 'ticking a few boxes' and has to be incorporated into regular operations. There must be certainty that necessary recourse is in place - company risk has to be owned at board level and cannot be left up entirely to operations teams.
"When you mention a disaster, everyone thinks of this massive event, but everyone forgets that it could be [as simple as] losing a proposal you have been working on for days just before the deadline. So, recovery starts from end-user devices right through to the data centres making sure data is automatically backed up and that there are processes that are regularly tested in place," Lingenfelder continues.
Pamoja advises organisations to acquire a solid understanding of what impact a third-party vendor will have on their risk profile. Vendors can be approached to provide information on their security policies and procedures, and how these are managed. Certifications such as ISO 27001 set the basic benchmarks for security.
Share