Monthly Archives: July 2012
Is Cloud Security Training Critical?
In a recent survey 86% of the respondents
said that security concerns about protecting their organization’s data is the
leading factor in driving them to seek Cloud security training.
86% … Wow! That is an impressive percentage; clearly indicative of a vigorous and active concern for effective security in the Cloud.
Regrettably it is not that straightforward. The Symantec / Cloud Security Alliance survey (reported by Marcia Savage in her article “Cloud Security Training”) also discloses that only 48% of the respondents have or plan to attend Cloud security training. The size and shape of the anomaly continues … 58% of the people who replied say that their teams are ill-prepared to secure their data in a Public Cloud environment. In the article Marcia Savage says that the statistics “were a bit curious.”
A Symantec and the Ponemon Institute joint survey of IT professionals conducted in April 2010 evidenced that “Despite security concerns and the expected growth in Cloud Computing; only 27% of respondents said their organizations have procedures for approving Cloud applications that use sensitive or confidential information.” Clearly one consistent pattern is emerging … there is clear and present awareness of the severity of the issues. This unmistakably supports and takes the earlier Symantec / Cloud Security Alliance statistics far beyond “curious.” It is a severe issue; and an imperative every business will have to address and resolve in the immediate future … strong words; so why do I say “every business?” This is why …
- “Technology experts and stakeholders say they expect they will ‘live mostly in the cloud’ in 2020” (Pew Internet / Pew Research Center)
- “60% of CIOs view Cloud Computing as critical to their plans” (The Essential CIO Study: May 2011)
- “Organizations must embrace the cloud and treat it as something real. Soon 20% of businesses will no longer own IT assets” (The Gartner Group)
- “Cloud Computing will balloon up to $241 billion by 2020, up from just $40.7 billion in 2010” (The Forrester Organization)
- “The economic benefits of Cloud Computing make it an “irresistible force” that will become the default standard over the next 2 to 10 years (Brian Walker – Managing Partner KPMG)
- “By 2015, about 24% of all new business software purchases will be of service-enabled software with SaaS delivery being 13.1% of worldwide software spending” (The IDC Organization)
One of the stated objectives in my company’s Cloud Security Essentials training course is … Providing the essential knowledge for a secure transition to Cloud Computing thereby guaranteeing these three critical attributes of your data:
- Confidentiality – Only those people who are supposed to see the data can see it
- Integrity – Only authorized processes are allowed to modify data and only in very specific ways
- Availability – The data is accessible when needed
All of this is vividly captivating … what my friends in sales like to refer to as a “compelling event.” So why have only 48% of the respondents attended or plan to attend Cloud security training? Survival and success in today’s marketplace dictates that we cannot continue to provide and offer IT resources like we have for decades; so why the hesitation?
If these statistics (or worse!) are indicative of the situation in your company then you need to investigate the prevailing thinking, policies and practices. There is no way that a “C”-level executive can allow such a situation to prevail for much longer.
Possible problem scenario 1: You are not alone; this is fairly common.
The senior management, CIO, IT leaders and the other business leaders and stakeholders are behind the curve in the burgeoning growth of knowledge and awareness about how Cloud Computing will become the “irresistible force” and the “default standard” for business in the future. This is a really resounding reason to reset the training budget’s spending priorities. The “Human Capital is not just a number theory” seminar in Miami or the “Creating a blooming team karma” course on the big cruise ship may have to be sacrificed for the cause of business success … rather spend the money on Cloud business and security training.
Possible problem scenario 2: A problem we encounter routinely.
The CIO and his team have an all too natural and instinctive reluctance to upset the status quo. They have an excellent performance record which they stand on and quote often. These folk need to be made aware of a compelling event and a harsh bottom line. The business winners and survivors in the future will focus on operational efficiency more than their rivals. The burgeoning growth in spending on IT must be controlled; businesses must cut costs to survive today, but still invest for tomorrow. There must be an accord to invest in technologies that help the bottom line … like Cloud Computing. On consulting engagements and during our training courses we use this phrase often … “You will only arrive at Cloud Computing success when the business decisions drive the technology decisions!”
Possible problem scenario 3: We are beginning to see this one emerge more frequently.
It is the “We are using a Cloud Service Provider (CSP) and they will be responsible for security” response. This is totally flawed thinking. A recent Ponemon Institute survey reports that a “significant majority” of CSPs subscribe to the belief that it is their customer’s responsibility to secure the Cloud, not theirs! Again, vividly and clearly, the training budget needs to be applied to courses on effectively selecting and negotiating with a CSP … and yes; security training! I quote Andrew Schrader of the firm AppRiver; “When it comes to security the buck stops with you!”
Do you want to grow your business!? Then rapidly ensure that you and your organization learn where and how Cloud Computing can help and understand the risks and benefits of the Cloud. Research and then put a plan and schedule in place to find and timeously provide you and everyone in your organization with the Cloud business and security training they need. Exclude no one, from “C”-level executives and other decision-makers to the IT professionals who will influence, execute and secure the Cloud’s deployment; ultimately leveraging its significant benefits to your business.
An additional resource
A White Paper I wrote in February 2011 … “Selecting the Right Training for Business Success in the Cloud” will provide you more practical steps and information on how to select the most time, cost and learning effective training for your organization.
Please use this link Training White papers / or paste this link into your browser: http://www.purposefulclouds.com/home/Cloud-Resources/white-papers#Training
What Is Training?
How much do (or should) people like Braque or Byron
influence your business training programs?
Over the last 4 months I have monitored the responses to a question posed by Michael Colucci (ASTD Group on Linkedin): How would you define “training” in 10 words or less?
We shall never know the true motivation for the responses; were they the honest conviction of the respondent or the temptation to be lyrical in ten words? What the responses do, however, is illustrate the exceptionally broad spectrum of thinking, emphasis and motivation among training professionals.
Some of the responses to Michael’s question command me to immediately arise from my computer and sit on a windowsill and seek poetic revelation and inspiration by gazing out at the azure Bay of Portovenere[i] as Lord Byron[ii] once did. Other responses cry out for me to see if the panache of Georges Braque’s[iii] brilliantly colored Cubism art style would enhance and influence my training message. These responses are categorized in my mind as the “training is an art form” commune. Very tempting! What seems to be missing is a business connection.
Ah! Then you have the “middle of the road” category; for those who embrace the “encourage learning to occur” genre. It sounds so erudite and perchance ethereal; but it does little to awaken, inspire or give me purposefulness or a goal. I would really avoid using this type of training goal or description in a presentation to the CEO who has investors lamenting the slow return to profitability. I would like to offer him/her something more in accord with revenue enhancement contributions or business agility provisioning!
Down at the other end of the spectrum … or as I prefer to call it, the real “gritty end” of training; it is more harshly “real world”. This is where the inspiration (and the imperative!) to be successful must be drawn from words like cost and time effectiveness, training ROI and “providing the who, what, when, where, why and how of the task” (Paraphrased from an actual response to the question). This “gritty end category” sounds tough and somewhat prosaic.
Grounded in my day-to-day life in training I know that the latter category resonates much more favorably with the CFO who only opens the training budget bag rarely and with extreme reluctance, the plant manager who is desperate to increase his/her team’s production volumes or with the sales manager who wants his global sales force to hit the ground running when the new industry-leading, competition crushing solution or product is launched.
Is the “gritty end category” the best one … or the right one today? It definitely is the training world people live in if their company’s Internet address ends in .com! I cannot imagine that a majority of training professionals have not arrived at the same conclusion in these austere times.
Today, training must ensure that the team’s knowledge and skills will specifically, significantly and measurably contribute to making smart, effective and ultimately successful business decisions and executing marketplace leading actions. Training’s goal must constantly be to utilize every available intellectual and technological resource to focus and converge on providing business agility and solving business issues. If growing the business is a prime motivator, then it is elemental that training be the trusted starting point by flawlessly and timeously delivering the essential knowledge and skill.
Following, and beginning with, the “dose” of training reality centered on the “gritty end category” of responses is there any place or use for the “training is an art form” approach?
Yes! You must deliver the businesses essential knowledge and skills … however you will make the learning experience more vivid, probably more realistic and help expand knowledge retention time with an imaginative dash of visual, written or verbal enhancement. Never embrace art for art’s sake … its function is to deliver a strong supporting role to the “who, what, when, where, why and how of the” training goals. Like the score to a great movie, the art should not be noticed but set the mood, bring up the excitement, emphasize the message or provide a comforting foundation for learning.
Deliver time, cost and learning effective courses and never drink the tepid tea of timidity!