Cybersecurity professionals are still expected to do more with less, even as cloud adoption grows.
FireMon’s second annual State of the Hybrid Cloud Security survey found that in general, budgets for security are not increasing and there’s still a shortage of qualified people. Lack of qualified personnel was right behind lack of visibility as the biggest challenge to securing the public cloud environment at 16.4%. When the people you do have are working harder than necessary because you don’t have enough automation and integration of tools, you risk losing the talent you do have.
Respondents don’t have a lot of people on staff either, with 69.5 percent reporting a security team of 10 people or less, which is up significantly from 52 percent last year.
Manual tasks keep people stuck in the mud
Cloud adoption isn’t slowing, nor is the growing complexity that comes with it. It’s difficult enough to manage one platform, let alone multiple clouds when you have limited budget and not enough people.
It is important to invest in the talent you have if you expect to realize a return on the technology investments you’ve made. You can have the best technology on the planet, but it will not produce the results you are looking for if the team is not empowered to use it. This is especially true with today’s cloud technologies, but also be mindful of the legacy technology in play — anything that’s pre-cloud but still useful and viable for running mission-critical workloads. Finding, investing, and keeping people with the right mix of knowledge is a path to success.
If your people are stuck trying to keep up with manual tasks such as firewall rule updates, you’re not leveraging the expertise for which you hired them. The wheels are spinning fast, but the car isn’t going anywhere — there’s no traction. In the meantime, the person who has the essential Amazon Web Services or Microsoft Azure expertise you need to secure your public cloud deployments is open to explore other opportunities to use it. Companies too often find themselves in a comprised situation when a key a resource leaves and there is no failsafe for the knowledge that leaves with them.
If you’re not using automation and relying heavily on the manual efforts of team members who may leave, it’s hard to ensure consistency of your security controls. Even if you fill the spot on your bench quickly, you’re still not moving as fast as the rapid scaling of hybrid cloud today. You’re stretching your resources and putting your deployments at risk, and to continue the car analogy, you’re on the road to burning out the engine.
Training is another investment you can make in your team, but it does mean they’re out of rotation for a period of time so be sure that investment counts by doing the utmost to keep that trained resource. Aside from competitive remuneration, providing opportunities for your people to grow their skillsets is a great retention strategy.
Stretched resource burnout is a real concern – that’s why automation and training investment is a critical part of the solving the resource challenge.