Is Cloud Security the Next Hot Career Path?
Named by Gartner among the top technology trends for six consecutive years starting in 2009, cloud computing continues to experience major growth. Seen by companies of all sizes as a scalable, cost-saving strategy, the cloud is changing how both enterprises and small/medium companies do business.
Momentum has been growing every year. Software-as-a-Service, which had 13 percent adoption in 2011, quintupled in 2014 to 74 percent adoption, with Infrastructure-as-a-Service and Platform-as-a-Service also reaching a tipping point, according to North Bridge Venture Partners. By 2015, North Bridge found “record level” of adoption, both for business functions and more complicated IT areas — with around 80 percent of sales/marketing, business analytics, customer service, communications and app development all migrating to the cloud.
And this momentum doesn’t appear to slow down. International Data Corp. forecasts that public cloud IT spending alone will grow from $70 billion globally in 2015 to $141 billion in 2019 — at a rate that’s almost six times the growth of the IT market overall.
Forrester estimates are even more robust — a $191 billion public cloud market by 2020, with cloud apps leading the charge. At the same time, Cisco predicts that 86 percent of workloads will be processed by cloud data centers by 2019, compared to only 14 percent of traditional ones.
Shortage of Skilled Professionals
Since the 1960s, when IBM introduced its first mainframe, information security went through several evolutions. As information moved from one centralized system to distributed computers, and then onto networks, new technologies came on the market, from antivirus and firewalls to endpoint protection.
The cloud, as the new paradigm, is not only disrupting the way information is stored and communicated, but also bringing along new challenges for security. One of the major challenges caused by the explosion in cloud use is the high demand for skilled professionals who specialize in cloud security.
Overall, the cybersecurity industry has a major shortage of trained professionals, as the growing threat landscape is compelling organizations to add in-house cybersecurity teams. A study commissioned by the (ISC)2 Foundation found that by 2020, there will be a shortage of about 1.5 million cybersecurity workers just in the United States. Cloud computing was identified in the study as the top information security area that had the most demand for training and education.
Organizations are going through a paradigm shift as they devote more financial resources to cybersecurity — but at the same time, they’re unable to hire enough talent.
A recent study by the Cloud Security Alliance found that the biggest barrier to effectively detecting and stopping data loss in the cloud was the lack of skilled security professionals, regardless of whether organizations had a CISO or not. Right Scale’s conclusions were similar — its 2016 state of the cloud report found that lack of resources and expertise replaced security as the top challenge for companies.
To compete for top talent, companies are willing to pay top dollar. Semper Secure estimates the average salary of cybersecurity professionals at $116,000, nearly three times the median U.S. income. The (ISC)2 Foundation numbers show that 38 percent of security workers in developed countries in the Americas earn more than $120,000 per year — and the salaries have been growing. Those surveyed also report very high satisfaction with their jobs.
Skills and Training for the Job
Organizations looking to hire IT talent are much more interested in those who have security expertise. The cloud security niche, in particular, requires not only knowledge of risks, threats and vulnerabilities as well as compliance, but also skills in broad areas such as system configuration, cloud architecture, virtualization, identity management, malware protection, encryption and authentication methods. IT security professionals should also understand best practices for cloud migrating, including moving from on-premises SharePoint to Office 365.
In the (ISC)2 Foundation workforce survey, 31 percent of respondents said that a cloud security certification was “very relevant,” and another 39 percent found it somewhat relevant. In fact, a Microsoft-sponsored white paper by IDC found that the top reason hiring managers had difficulty filling the estimated 1.7 million cloud-related jobs in 2012 was because the candidates lacked the required training and certifications.
In announcing those findings, the IDC program vice president said, “Unlike IT skill shortages in the past, solving this skills gap is extremely challenging, given that cloud brings a new set of skills, which haven’t been needed in the past. There is no one-size-fits-all set of criteria for jobs in cloud computing.”
Several organizations offer certifications, including Certificate of Cloud Security Knowledge (CCSK) and Certified Cloud Security Professional (CCSP).
The CCSP is appropriate for enterprise architects, security admins, systems engineers, security or systems architects, security consultants or managers and security engineers. Qualifications for taking the CCSP certification exam include five years of cumulative, paid, full-time IT work experience. Three of those years must be in IT security and one year in one of these domains: architectural concepts and design requirements, cloud data security, cloud platform and infrastructure security, cloud application security, operations, or legal and compliance.
On a 100-point scale system, hiring managers rank IT jobs with cloud computing skills a difficulty of 79 because of the insufficient number of qualified applicants. The average job only has about nine applicants, and some of the companies with the greatest number of openings include IBM, Oracle and Amazon, according to WANTED Analytics.
As more organizations continue to move to the cloud and data security continues to become more complex, the need for qualified cloud professionals will grow even more. IT professionals with specialty skills in cloud security will be in high demand — and the industry needs agile talent who can respond to the complexity of the new information-security landscape.
Sekhar Sarukkai is a co-founder and the chief scientist at Skyhigh Networks, driving the future of innovation and technology. He has more than 20 years of experience in enterprise networking, security and cloud services development.