The advent of the cloud, which was once a niche concept, has empowered organisations to shift their focus from maintaining their complex IT infrastructure back to managing their core business. The growing trend of cloud adoption across the globe, irrespective of the size of the organisation, has increased the importance of cloud security. At a time when a data breach is the order of the day, organisations need proficient IT managers who can ensure that data moves between secure servers to remote devices without any intrusion or breach. If you are looking for a job in the IT domain or wish to pep up your otherwise unexciting job in the IT gamut, a career as a cloud security professional can be a great option.
What makes cloud security a challenge is the cumulative security concerns related to various components, and since there is no one standard defined for cloud security, it becomes a more challenging affair. And that’s where the role of a cloud security expert comes into play, feels Dr Rajeev Papneja, chief operations officer at ESDS Software Solution Pvt Ltd. “The latest trend is the shift from a simple network security and malware security point of view to a multi-layered security approach. Cloud companies providing APIs are working on making the authentication and access services robust to mitigate the risks. Next-generation firewalls that are currently being developed will help organisations to monitor and manage access based on application usage. Cloud providers will have to work on some kind of compartmentalisation techniques to make sure that a virtual machine of one customer cannot be accessed by the virtual machine of another customer, since both these containers are on the same hardware and are sharing compute resources including memory cache. The most important aspect is the threat from inside the cloud service provider’s house-from employees who can access the information. While proper SLAs need to be in place for customers, it is more important to have proper security policies and procedures in place internally, for cloud service providers to start building up customer confidence. A good security expert should understand these basic nuances of the cloud terrain.”
A recent report by Gartner stated that the cloud will increasingly be incorporated into corporate security endeavours, as 10 per cent of IT data protection offerings will be available through the cloud by 2015. “As the talent pool in the security landscape shrinks, the demand for professionals with a sound cloud experience will only grow in the years to come. Job seekers in traditional IT roles will need to advance themselves and get cloud-ready if they want to survive in the market,” says Ritesh A Sarvaiya, CEO and founder of Defencely.Com, a fast-growing cloud security company.
Echoing similar views, Dr Papneja explains, “Cloud security is an additional responsibility that will have to be borne on the shoulders of the current technology’s soldiers in cloud providing organisations. Truly, I do not see cloud security as a totally new vertical for professionals because it really does not replace all the things that are currently handled by the existing technology group. Existing employees will have to upgrade their skills from just being pure IT support professionals to those that look at everything from a holistic point of view, backed by knowledge of the various hypervisor architectures and an understanding of risk management. Certified and experienced security professionals will be more in demand in the coming years. We will see the emergence of new job titles such as cloud specialists, cloud computing architect and cloud infrastructure architect to replace the traditional systems architects or specialists. I would not be surprised if, going forward, we come across a cloud security officer.”
Dr Papneja continues, “In North America, there is a great demand for open source experts in the cloud security arena due to their flexibility and ability to work in any environment. This trend will catch up here too in the next five years.”
So, what are the skill sets that a hiring manager looks for at the time of recruitment? “We generally look for candidates that have good technical understanding of network security, knowledge related to architecture of various virtualisation platforms and open source tools, and a good understanding of service-oriented architecture,” says Dr Papneja.
In today’s competitive IT job market, do certifications in this field help push resumes to the top of the stack? “Certifications will definitely help professionals. One of the major reasons is the gap between the supply and demand for cloud security professionals, which we will start seeing in the near future. According to IT research companies, by the end of 2015, more than 50 per cent of medium scale businesses would be utilising some cloud service or the other, which means a growing need for cloud security professionals. Since there are not enough candidates to fill the need and not enough time to go through some kind of formal academics for the job, the only way left for them to understand the concept of cloud security and all that it demands, is to go through the certification courses offered by cloud providers themselves. I feel, this is the only assistance they have for transitioning from their current roles, to taking the next step in their career,” opines Dr Papneja.
So, a career in the cloud security arena can certainly accelerate your IT career graph and enhance your value in the recruitment landscape.
|Different roles available in the field of cloud security|
|Cloud architects: They help design a good cloud solution with the right cloud infrastructure based on a client’s requirements. These candidates will generally have sound knowledge of ‘Platform as a Service’, ‘Infrastructure as a Service’ and ‘Software as a Service’, as well as the related providers and solutions available in the market.
Cloud developers: These are more like experts in ‘Platform as a Service’ offerings, be it public, private or hybrid. These candidates would be hands-on developers who would understand and know how to design, develop and deploy products on various platforms.
Cloud security specialists: This role requires a thorough knowledge of various layers of security and the emerging security models to cater to the needs of the cloud environment. A part of this role is also complemented by the role of cloud auditors.
Cloud auditors: These are third party firms that assist the customers to figure out the level of security that they should look for while outsourcing their data or applications, and assess the criticality of the applications that need to be moved to the cloud. They also help customers to be aware about industry regulations and the cloud provider’s policy on vulnerability management.
Infrastructure managers: They are responsible for managing the infrastructure to support the cloud deployment. These would typically be IT managers with various skills-a jack-of-all-trades with knowledge of networking, applications, databases, load balancing, etc.