The High Demand for Cloud Security Professionals
The demand for cyber security professionals with expertise in cloud security has evolved with the ever-increasing number of businesses moving to the cloud. Moving away from the historic server or on-premise model and into the cloud model has opened up a whole new set of security questions and challenges to overcome.
Speaking to Dylan Holloway, Cyber Security Manager for EY, he explains that these challenges have arisen for a variety of reasons. “There is less control, depending on the model, as you are forced to put more faith in whoever’s hosting the Cloud to protect you,” he explains. “Whether it’s Amazon AWS, Microsoft Azure, Google Cloud, you need to trust them to have good security so that they don’t get hacked and don’t lose or share your data with a third party.”
The way employees interact with data has changed the demands on security too. When data was confined to a central on-premise data centre in the office, only accessible via the work computers, that was all that needed securing. Now with the cloud, people are signing in from mobile devices, home computers, work laptops and they’re doing it from anywhere and everywhere. “They’re going on holiday and signing in from the Bahamas and you need to be able to give them access wherever and whenever they want or need access,” says Holloway. “But you also need to be able to secure that and it’s a very challenging model to manage for security professionals.”
The question becomes, how to place security on an employee’s personal phone? “They want to download company documents to their device but ethically and legally the security professional can’t install security software onto that personal device. So how do I manage that?” asks Holloway. “Cloud provides a lot of flexibility and availability for the workforce, but it is a huge challenge to secure it.”
As for the type of Cyber Security professional best suited to work in Cloud Security jobs, Holloway asserts that just as the mode of security has evolved so too must the people working with it. Typically, those who have been in the cyber security game for a number of decades become set in their ways, but that approach will not marry well with the cloud. It operates through different technology, different processes, and different systems, and requires individuals who can be flexible in the way they think and work.
The expectation for people working in Cloud Security is that they should be innovative as the cloud is still a relatively new concept. “A lot of businesses are still in the stage of adopting the cloud,” explains Holloway, “they’ve not been up and running on the cloud for that long so they’re not fully literate in using it and equally their workforce is not cloud savvy.” As a result, you have to be creative in your approach and think outside the box as you navigate a path that is fundamentally still being laid down.
Holloway further asserts patience as a key character trait for Cloud Security professionals, as well as someone who is on the button with the latest trends, technology, and threats. “The Cloud is right up there on the front line of new technology, so you need to be staying up to date as there’s going to be huge threat opportunities for attackers to break in and you need to be constantly aware of that,” he says.
As for the technical expertise you must bring when working in Cloud Security, you’ll need to be familiar with CASB (Cloud Access Security Broker) which is software for managing the Cloud. It assesses all the different devices that are connecting to your Cloud and the data they’re pulling in and reports that all back to you so you can validate the device and verify whether it’s safe or a potential hacker. “A good CASB program will allow you to implement different controls and access requirements to your Cloud to help you manage that,” explains Holloway.
For Cyber Security professionals wanting to steer their Cyber Security career into Cloud Security, roles such as Security Engineer and Systems Architect could upskill relatively easily. Areas including data protection, identity access management and networks would all be useful to gain an understanding and experience of.
Matt Garvey, Managing Director at Eagna Consulting says he is seeing more and more people undertaking a Master’s in Cyber Security, which incorporates Cloud Security. “The CCSP (Certified Cloud Security Professional) encompasses a lot of Cloud Security and Platform Security and is considered the gold standard in the space,” says Garvey. Other certs to look at are the CCA (Certified Cloud Architect), CompTIA, and CompTIA Cloud+. Cloud hosts like Amazon, Microsoft and Google all offer their own certifications also.