Qualified cyber security cloud pros in short supply

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 06 Jun 2024
Gary Peel, cloud business development manager at Fortinet Africa.
Gary Peel, cloud business development manager at Fortinet Africa.

South Africa, like the rest of the world, is facing a critical shortage of qualified cyber security professionals for cloud computing.

This is according to Gary Peel, cloud business development manager at Fortinet Africa, who yesterday addressed ITWeb Security Summit 2024, in Johannesburg.

According to Peel, businesses transitioning to the cloud face the “security chasm” between traditional and cloud security models, leading to siloed environments.

He noted that companies must adopt unified security policies, leverage automation and invest in cloud security expertise to bridge this gap.

Peel urged organisations to unite on-premises and cloud teams, to work together to find security solutions.

He pointed out the issue exists because of business culture − people, technology and the processes − and it’s up to companies to close this gap.

“Most people reject change; it our human nature to do that, but for a business that is going through a cloud transformation journey, you need to get the people on board. The whole point is to bring people together so that you have one team managing the entire environment.

“On processes, generally the cloud team does not want to deal with the on-premises team because they think it takes a lot of time and is filled with bureaucracy. In a cloud journey, you need to automate all the processes to make the necessary changes in a business.

“With technology, we see customers are usually told that cloud platforms are mature. You have to remember that these cloud platforms are made up of hundreds of individual products and some are more mature than others. But whatever you do from a security perspective, don’t create silos that make things difficult to manage. You need a holistic approach to cloud security,” he explained.

Hybrid here to stay

He referenced the 2024 Cloud Security Report, conducted by Fortinet to gain insights into the challenges organisations face in protecting their cloud environments and the strategies they prioritise. The report is based on a survey of 927 cyber security professionals worldwide and offers insights into the trends driving cloud security.

When asked about their cloud deployment strategies, 78% of the organisations said they are using a multi-cloud or hybrid cloud environment, while 22% have a single cloud.

“This is because the story of going all-in on cloud is going to take many years. We are going to have the hybrid model for a long time. It means different challenges in ensuring data protection in each environment. You also need the right skills to protect this data.

“In South Africa, we are even more susceptible to the skills gap because the skills we have in the country are often poached by international businesses.”

He pointed out that the Fortinet survey revealed that 93% of organisations are moderately to extremely concerned about the industry-wide skills shortage of qualified cyber security professionals.

“We are often told that moving to the cloud increases security, but what we see from a data perspective, is that 44% of the respondents said public cloud risk is somewhat to significantly higher than on-premises.”

Another research finding is that 95% of the respondents said they will consider the use of a single cloud security platform with a single dashboard to be moderately to extremely useful.

The study discovered that most organisations recognise that security needs to be included in their cloud strategies.

The cyber security challenges associated with the cloud and the need for enhanced security measures in cloud environments have become more critical in the face of new AI-based threats, says Fortinet.

Meshing it up

Adopting a cyber security mesh architecture proposed by Gartner can protect cloud environments, Peel noted.

“A cyber security mesh architecture is an architectural concept that advocates interoperability and coordination between individual security products, resulting in a more integrated security policy. Its flexibility is especially suitable for increasingly modular approaches consistent with hybrid multi-cloud architectures.”

He also suggested that a public cloud landing zone is beneficial in protecting cloud environments. “This refers to a preconfigured, standardised environment that provides a secure and complaint foundation for running workloads in the cloud.

“It typically consists of a set of best practices, policies and procedures that are designed to facilitate the adoption and management of cloud services by organisations. A landing zone can include a range of components, such as networking, identity and access management, security, compliance and governance.”

By providing a standardised environment, a landing zone can help organisations reduce complexity, improve security and compliance, and increase efficiency in managing and deploying cloud workloads.