COMMENT
handle data and applications to ensure
compliance with industry-specific
regulations. The same goes for global
players: Requirements around data
storage can vary dramatically by country,
requiring in-depth knowledge of local
regulations regarding where data
resides and how it is transmitted for any
geography in which you do business.
Skills for hybrid: the new
private cloud
Security practices for a private cloud
deployment – which enables enterprises
to keep data and applications under
their control – would seem to be more
traditional than public deployments.
But the virtualisation technology that is
inherent in the private cloud model creates
a need for new security skills beyond those
for traditional on-premise environments.
The first is understanding the difference
in the infrastructure itself, for example
between a traditional virtual machine and
a framework like OpenStack. Second, as
organisations explore software defined
networking (SDN), they see a need for
more automation skills, as security policy
must co-exist with the orchestration to fully
www.intelligentcio.com
FOR PaaS
DEPLOYMENTS, YOU
WILL ALSO NEED TO
ADD SKILLS TO ENSURE
THAT NATIVE CLOUD
APPLICATIONS ARE
BEING DEVELOPED
WITH SECURITY BUILT
IN AT THE API LEVEL.
ADOPTION OF OPEN
SECURITY APIS CAN
HELP TO BRIDGE
THE GAPS AMONG
PROPRIETARY CLOUD
ENVIRONMENTS
exploit an SDN environment. Third, the
security operations centre will need more
network insight as the east-west traffic
becomes more material to threat analysis.
These skills become especially important
as virtualisation expands beyond servers
and into networks and storage.
That said, most private clouds are truly
hybrid clouds – and these will be the
default moving forward. Hybrid clouds
demand cross-domain threat visibility,
along with the skills across the various
cloud types to prioritise and respond
to them. This requires both a broader
level of technical depth but also more
cross-team facilitation and leadership to
analyse and respond to critical threats.
Revisiting the soft skills points made
earlier, this also includes leadership not
just within the organisation but across
the set of SaaS providers relevant to a
given situation.
The bottom line on cloud skills
The takeaway for security leaders: It’s
time to optimise the skills of your team to
the different types of cloud. Public cloud
security – spanning SaaS, PaaS, and IaaS
environments – is (a) more about policy,
audit, analysis, and teamwork skills rather
than pure technical depth, and (b) will
include more cross-domain skills than are
required in the more silo’d on-premise
structure. Creating the proper mix of
skill-sets for all of these scenarios will help
build your confidence as you build out
your hybrid cloud model.
INTELLIGENTCIO
25