This would not be a very serious problem if companies began to take some of the following measures:
- adopt a identity management system that allows them to define, manage and control access under the principle of least privilege or zero trust (what is known in IT as the Zero Trust approach)
- generate the ability to detect risky activities inside of the public cloud environment via tools that make it possible to determine in time if any action of a user account or system has a abnormal or unexpected behavior
- have people with security knowledge that allow them enable, configure, and operate resources with an information security perspective
Lack of knowledge in cybersecurity
The lack of cybersecurity experts or skills is a recognized fact. according to report (ISC)² Cybersecurity Workforce Study 2022, the estimated global labor force is 4.7 million people -the highest recorded- however, the gap to be able to face increasingly complex threats it would be 3.4MM people dedicated to cybersecurity.
Beyond the numbers, another aspect that makes it difficult to have and specialize people to effectively develop company security strategies is the extension of the fields of knowledge and action of specialists. Until not very recently, the roles were well differentiated: Infrastructure, Database, Development, Networks, Defensive Security, Offensive Security, etc. But with the arrival of the cloudthe inter-area borders today they are more diffuse. precisely, the democratization of which we spoke previously can allow a single person can assume each or parts of the indicated roles to raise a public application. Therefore, empower the workforce in cybersecurity aspects is an essential task within the internal training processes of companies.
But where it becomes more complex is precisely with the people responsible or cybersecurity teams of an organization. It is no longer enough to know or have experience in cybersecurity. Public clouds brought with them new concepts and words to the technological vocabulary. And we are not only talking about concepts, what we see is a new paradigm for how you work in and with the public cloud.
Consequently, while we don’t expect a cybersecurity specialist to also be an expert developer or cloud architect, they need to at least have skills in those other fields. And it is expected that experts in other areas can also develop skills in cybersecurity. What do we gain with this? A digital development and adoption process based on efficient, agile and secure public cloud.
Fortinet Cloud Business Development Engineer for Latin America
David William is a talented author who has made a name for himself in the world of writing. He is a professional author who writes on a wide range of topics, from general interest to opinion news. David is currently working as a writer at 24 hours worlds where he brings his unique perspective and in-depth research to his articles, making them both informative and engaging.