3 Steps to Prepare the Workforce for Cloud Deployment and Security
It is no secret that information security faces a serious talent shortage. For new technologies like cloud computing, the shortfall becomes even more acute. For most organizations it is difficult to find and hire security staff with cloud skills, and developing these skills internally can also be challenging. Some of the key cloud deployment and security challenges organizations face today are:
· Cloud security experience is rare and expensive: Given that infrastructure as a service (IaaS)/platform as a service (PaaS) adoption remains relatively early for most organizations, most security staff have not had the opportunity to build experience securing these services. This means the few cloud security experts on the market are in high demand.
· Cloud skills have to be frequently updated: Securing public IaaS and PaaS often requires updating skill sets to accommodate the new capabilities cloud service providers (CSPs) offer to meet control requirements. This involves absorbing a large volume of highly technical resources, staying up to date on new security capabilities and being able to assess third-party tools that could fill important security gaps, all of which adds up to a significant task.
These challenges exacerbate long-standing issues for security teams. But by taking the right steps, executive leaders can prepare their workforce to enable secure public cloud deployments.
Step 1. Define Cloud Security Skills
To facilitate effective strategic workforce planning for cloud security, executive leaders should work with relevant stakeholders to define the skill sets needed to secure the cloud services in use at the organization. They should ensure skills development is aligned to the key risks facing the organization and the controls needed to mitigate them to maximize the ROI on development efforts.
Alongside specific skills needs, consider the importance of competencies. Four high-impact competencies (organizational awareness, decision making, influence and business results orientation) predict staff performance better than certifications or degrees because they indicate staff who are better at adapting to new challenges and business contexts.
Staff who demonstrate aptitude in these key competencies should be identified and prioritized for cloud skills development. By using high-impact competencies to guide hiring and training decisions, executive leaders can ensure that the people put in place are well-equipped to learn new cloud security skills, an important step given the high rate of change in capabilities offered by CSPs.
Step 2. Identify Cloud Expertise From Across the Organization
Given low talent availability and the new technologies involved, executive leaders should look at leveraging expertise from across the organization to carry out security activities in cloud environments.
They should create and use a tiger team for early cloud projects to establish best practices. Setting up a cross-functional team that incorporates the perspectives of developers, infrastructure, security and others allows the staff working on cloud deployment to gain valuable insight into technical cloud security questions. This can lead to an initial set of technical guidance on how developers should meet security standards, while furthering staff skills.
Step 3. Build a Unicorn Team to Reinforce Cloud Security
Individuals with lengthy experience, certifications, degrees and advanced skill sets are exceedingly hard to find, train and retain. Therefore, executive leaders should focus on building a unicorn team — a team that spans the complete set of skills and competencies necessary for success across all security activities — rather than chasing high-pedigree individuals for specific roles.
Use the portfolio of cloud security skills outlined in step 1 as a roadmap to build a unicorn team that fills these gaps, rather than chasing cloud security expertise that is already in short supply. Through development or recruitment, ensure skill sets are built to meet the highest-value skills needs first to ensure that security can keep up with business cloud adoption. Executive leaders should ensure:
· Skills are built through experimentation: Encourage using targeted experiments and regular practice with a variety of cloud services to build up knowledge and understanding of how security works in cloud environments.
· An array of development strategies is deployed: Leverage talent-sharing programs to build cross-functional knowledge among security staff. Talent-sharing programs can also stage collaborative exercises to drive learning within the organization. Finally, improving manager-led development offers a relatively straightforward path to better staff development. Managers are in a position to offer consistent feedback that ties specific behaviors to desired outcomes, which explains why high-quality manager-led development increases both performance and retention.