More than half of organizations indicate they are less than somewhat prepared to secure public cloud services, according to a survey conducted by Symantec and the Cloud Security Alliance (CSA) at the CSA Summit this winter. Yet, 79 percent of respondents say it is somewhat/extremely important to define and enforce their own security policies independent of the specific cloud platform or applications providers.
It’s all about control. According to respondents, the most important factors impacting cloud adoption are control of who can access which cloud applications (90 percent) and control of what information can flow into the cloud (86 percent). More than half of respondents also believe it is important to have a single control point through which all public and private cloud traffic flows.
In short, what this survey reveals is that it’s important to have your own security for the cloud but that IT staff are not yet well prepared to secure the cloud.
IT staff needs cloud security training. Despite all the chatter about cloud security across the industry, prior research from Symantec reveals that only 1 in 4 organizations has staff with any experience in the cloud. And the CSA survey shows that cloud security training is important to respondents – 68 percent say it is somewhat/extremely important to their organization’s ability to implement cloud computing. Protecting their company’s data is the top factor driving respondents to consider cloud security training and certification. However, only 48 percent have plans to attend any sort of cloud security training within the next year.
Cloud security needs leadership, and it requires standardized training and skills that will enable IT staff to confidently move into the cloud. The CSA’s Certificate of Cloud Security Knowledge (CCSK) provides IT security professionals with the knowledge and hands-on experience they need to effectively protect their companies’ data in the cloud. Symantec has partnered with the CSA to deliver training for the CCSK exam; visit the training website for details.
What are your plans for cloud security training?