(ISC)² and TMC (News - Alert) recently launched the Cloud Security Resource Community (www.cloudsecurityresource.com), which I hope will quickly become your go-to place for news, information, insights and links to a wealth of resources for IT cloud security professionals. It is also a destination I hope you will rely on often as a place that enables all of your organization’s employees, including C-levels, to better understand the challenges that moving to an increasingly always on, everywhere connected, cloud-centric world poses.
The intention is to educate and illuminate. While the subject is cybersecurity, a global priority with lots of daily bad news, the focus will not just be on what those with malicious intent are perpetrating. In addition to discussing the threats and weapons being used, the site will also focus on how cloud security solutions can help mitigate attacks and highlight the people and skills needed to keep us safe. Thus, a major concentration will be on the tools, training and certifications for those with the incredible responsibility of protecting everything.
Minding the security professional gap
Our community is sponsored by (ISC)² the global not-for-profit leader in educating and certifying cyber, information, software and infrastructure security professionals throughout their careers. Globally recognized as the “Gold Standard,” it offers vendor-neutral certifications, with nearly 110,000 members in more than 160 countries worldwide, with a vision to inspire a safe and secure cyber world.
The reason (ISC)² has launched and is sponsoring this community, and giving greater visibility to all things related to cloud security, can be explained by three major trends.
The first is that security in general, and cybersecurity in particular, is now a major concern for organizations of all sizes and types everywhere in the world – from small businesses to multinational corporations, service providers and government agencies. Regardless of the reports you read, we know from those who track such things that the bad guys are getting more sophisticated and increasing the ferocity of their attacks. We are also painfully aware that bad guys are all unique. The malicious hackers vary: From those looking to monetize their skills by stealing organizational secrets and personal identities to disgruntled insiders to state-supported or cause-oriented agents of destruction and, unfortunately, many more.
The second is that the movement of more and more “mission critical” and personal information to the cloud is a long-term trend that is gaining momentum. This is creating an explosion of vectors of vulnerability. These vectors are not just a function of the cloud, but the cloud in conjunction with the simultaneous “mobilization” of our personal and professional lives. In short, the world is becoming ubiquitously connected and cloud-centric in terms of storing vital data and providing absolutely essential applications and services. As a result, to paraphrase the old axiom, “with great rewards are coming great risks.”
The third trend is one we in the industry know well. Yet, its breadth and impact are not as well known or appreciated. It is the growing gap between the number of security professionals we need in the future versus the number of skilled people projected to be produced. This trend is the reason (ISC)² remains committed to its work to bring more qualified professionals into this community.
An interesting chart from the recently published, 2015 (ISC)2 Global Information (News - Alert) Security Workforce Study, highlights the issue.
The 1.5 million security worker gap illustrated in the chart is looming. The timelines are short. The shortfall will continue to grow if not significantly addressed.
In closing, welcome aboard! Since this is a security site for community members, to use a very popular phrase, “if you see something, say something!” We absolutely want to hear from you and have you engaged with the content and other community members.
Edited by Maurice Nagle