Intelligent CIO Middle East Issue 13 | Page 25

COMMENT handle data and applications to ensure compliance with industry-specific regulations. The same goes for global players: Requirements around data storage can vary dramatically by country, requiring in-depth knowledge of local regulations regarding where data resides and how it is transmitted for any geography in which you do business. Skills for hybrid: the new private cloud Security practices for a private cloud deployment – which enables enterprises to keep data and applications under their control – would seem to be more traditional than public deployments. But the virtualisation technology that is inherent in the private cloud model creates a need for new security skills beyond those for traditional on-premise environments. The first is understanding the difference in the infrastructure itself, for example between a traditional virtual machine and a framework like OpenStack. Second, as organisations explore software defined networking (SDN), they see a need for more automation skills, as security policy must co-exist with the orchestration to fully www.intelligentcio.com FOR PaaS DEPLOYMENTS, YOU WILL ALSO NEED TO ADD SKILLS TO ENSURE THAT NATIVE CLOUD APPLICATIONS ARE BEING DEVELOPED WITH SECURITY BUILT IN AT THE API LEVEL. ADOPTION OF OPEN SECURITY APIS CAN HELP TO BRIDGE THE GAPS AMONG PROPRIETARY CLOUD ENVIRONMENTS exploit an SDN environment. Third, the security operations centre will need more network insight as the east-west traffic becomes more material to threat analysis. These skills become especially important as virtualisation expands beyond servers and into networks and storage. That said, most private clouds are truly hybrid clouds – and these will be the default moving forward. Hybrid clouds demand cross-domain threat visibility, along with the skills across the various cloud types to prioritise and respond to them. This requires both a broader level of technical depth but also more cross-team facilitation and leadership to analyse and respond to critical threats. Revisiting the soft skills points made earlier, this also includes leadership not just within the organisation but across the set of SaaS providers relevant to a given situation. The bottom line on cloud skills The takeaway for security leaders: It’s time to optimise the skills of your team to the different types of cloud. Public cloud security – spanning SaaS, PaaS, and IaaS environments – is (a) more about policy, audit, analysis, and teamwork skills rather than pure technical depth, and (b) will include more cross-domain skills than are required in the more silo’d on-premise structure. Creating the proper mix of skill-sets for all of these scenarios will help build your confidence as you build out your hybrid cloud model. INTELLIGENTCIO 25