Following reports of increasing digital talent shortages in the UK, Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender®, discusses why Security-as-a-Service could provide a short term fix.
Increased cloud adoption is forcing businesses to boost investment in their security operations, subsequently driving demand for skilled security professionals. That being said, the rapid adoption of cloud computing, IT infrastructure and security has left a knowledge gap in terms of the security expertise available to address the increasing needs of a business. To this end, companies not only require more skilled personnel, they also need more manpower in order to remain competitive and secure. This has created a rise in Security-as-a-Service (SaaS) technology and consultants.
Hiring an in-house security expert to combat the increasing levels of cloud adoption can often be problematic, as this means companies must invest a great deal in employee training. On the other hand, outsourcing security contractors is not usually something that large organisations do, preferring to utilise their own dedicated security teams that can monitor their critical infrastructures.
A security skills deficit – how will this affect the UK?
There have been numerous reports recently highlighting the UK talent shortage. IT decision makers are increasingly concerned that their departments lack the required skills to utilise current technology trends, such as the internet of things (IoT)[1]. Furthermore, although the number of students choosing to take computing A-levels increased by 16 per cent in the UK in 2016, the numbers sitting ICT A-levels fell[2]. The decreasing number of young people in the UK not taking ICT courses is of huge concern, as the most in demand jobs, such as IT security experts, rely on an early education in these skills.
A lack of security experts may bring forward a rise in SaaS, rather than full time employees. At Bitdefender, we also expect there to be a rise in recruiting security experts from other countries, along with increased spending on training current IT personnel on security matters. While this may not see immediate benefits, in the long term such investments will prove to have an increased return on investment (ROI). For companies that will be affected by security issues, it’s reasonable to expect the cost of insurance policies for data breaches to rise due to increased risk.
The rise of the cloud – will a lack of security professionals hold adoption back?
More than a third of companies’ data resides in private clouds, and over a quarter is stored in public clouds. In terms of controlling and securing the data flow, network segregation and access, ensuring the security of these infrastructures can pose difficulties, even for experienced security professionals. While public cloud service providers may be responsible for securing their own infrastructure for compliance and regulatory purposes, securing the actual data that is in the cloud is the responsibility of the client.
Securing private clouds can also be a painful experience, and a hybrid alternative comes with other security implications that inexperienced or untrained IT departments may not be ready for. The lack of IT security professionals may affect companies trying to make the step towards a hybrid infrastructure.
In the short term, SaaS may result in a decreased need for security professionals. However, in the long-term, as companies grow and security incidents become ever-more frequent among companies utilising external security, the need for in-house security experts will become even more vital.
[1]http://www.computerweekly.com/news/450302379/IT-departments-fear-they-lack-skills-to-implement-IoT
[2]http://www.computerweekly.com/news/450302741/Number-of-students-taking-computing-A-level-rises-but-ICT-popularity-falls