INTELLIGENT CLOUD
Many of the softer skills needed for cloud success stem from the need for organisations to gain more visibility into hybrid environments that are becoming more complex as SaaS , PaaS , and IaaS services are cobbled together with each other and private clouds .
Audit rights can be built into a service level agreement as a way to make sure the provider complies with corporate security policies and industry or government regulations . This is one reason why the ability to develop comprehensive service level agreements with service providers is an increasingly important skill .
IT and security teams will need to work together to negotiate terms that provide maximum protection and visibility into third-party services , to ensure that data , applications , and other components of your cloud environment are secure and compliant .
In addition to formal audits , security professionals require skills and tools for continuously monitoring compliance and threats across SaaS , PaaS , and IaaS deployments in two key areas : threats and applications .
Starting with threats , achieving or maintaining visibility into specific threats across these environments so your organisation has a full view of attacks is critical . That visibility needs to extend across endpoint , infrastructure , and network elements in order to recognise and respond to coordinated , multi-angle attacks .
Second , application security experience with cloud access security brokers will help security professionals increase the visibility into user behavior and their needs across public cloud service providers .
We see convergence between the need for application visibility , threat visibility , and data security for SaaS applications . So look for skills that bridge those three areas as you build an organisation for the future . The same need for a blended skill set will increasingly be true as threat and
Driving this dual focus is the public cloud ’ s shared responsibility model , in which service providers and enterprises divvy up various levels of protection across the IT stack
application needs converge . Organisations in highly regulated industries also need to devote resources to tracking how third-party providers handle data and applications to ensure compliance with industry-specific regulations . The same goes for global players : requirements around data storage can vary dramatically by country , requiring in-depth knowledge of local regulations regarding where data resides and how it is transmitted for any geography in which you do business .
Security practices for private cloud deployment , which enables enterprises to keep data and applications under their control , would seem to be more traditional than public deployments . But the virtualisation technology that is inherent in the private cloud model creates a need for new security skills beyond those for traditional on-premise environments .
The first is understanding the difference in the infrastructure itself , for example between a traditional virtual machine and a framework like OpenStack . Second , as organisations explore software defined networking , they see a need for more automation skills , as security policy must co-exist with the orchestration to fully exploit a software defined environment . Third , the security operations centre will need more network insight as the east-west traffic becomes more material to threat analysis .
These skills become especially important as virtualisation expands beyond servers and into networks and storage .
Most private clouds are truly hybrid clouds , and these will be the default moving forward . Hybrid clouds demand cross-domain threat visibility , along with skills across various cloud types to prioritise and respond to them . This requires both a broader level of technical depth but also more cross-team facilitation and leadership to analyse and respond to critical threats . Revisiting the need for soft skills made earlier , this includes leadership not just within the organisation but across the set of SaaS providers relevant to a given situation . The takeaway for security leaders
• It is time to optimise the skills of your team to different types of cloud
• Public cloud security , spanning SaaS , PaaS , and IaaS environments is more about policy , audit , analysis , teamwork skills rather than pure technical depth
• This will include more cross-domain skills than are required in the more siloed on-premise structure
Creating the proper mix of skillsets for all of these scenarios will help build your confidence as you build out your hybrid cloud model .
Raj Samani is Vice President and CTO EMEA at Intel Security
37