4. Cloud security organizational dynamics. Many industry events resemble a techno pep rally focused on silicon and code rather than carbon-based life forms. I hope this isn’t the case at VMworld as I’d like to explore cloud security as it relates to IT and cybersecurity organizations. My current observation is that cloud security responsibilities often migrate toward different groups like application developers, DevOps, and data center infrastructure groups. Okay, but where do network security engineers fit into this mix? And since cloud security is a relatively new pursuit, how are cybersecurity professionals (and others) gaining necessary skills around secure design, physical/virtual security integration, cloud security operations, best practices, etc. In my humble opinion, skills development is a critical of often neglected aspect of cloud security. With the right training, CISOs can use things like micro-segmentation and virtual network security services to improve security protection and mitigate risk. In lieu of this however, other IT groups with minimal cybersecurity knowledge will be in charge of “winging it” putting everyone at risk.
A few years ago, cloud computing seemed to be hamstrung by security concerns but this is no longer the case. Many organizations, led by the public sector, are moving full-speed ahead into the cloud so it is incumbent upon the cybersecurity community to keep up. When I leave VMworld next week, I should have a good indication of whether cloud security be a ray of sunshine on Amazon, OpenStack, and vCloud Air, or whether stormy cybersecurity weather is in the forecast.
Sign up for CIO Asia eNewsletters.