Is Cloud Security Training Critical?
In a recent survey 86% of the respondents
said that security concerns about protecting their organization’s data is the
leading factor in driving them to seek Cloud security training.
86% … Wow! That is an impressive percentage; clearly indicative of a vigorous and active concern for effective security in the Cloud.
Regrettably it is not that straightforward. The Symantec / Cloud Security Alliance survey (reported by Marcia Savage in her article “Cloud Security Training”) also discloses that only 48% of the respondents have or plan to attend Cloud security training. The size and shape of the anomaly continues … 58% of the people who replied say that their teams are ill-prepared to secure their data in a Public Cloud environment. In the article Marcia Savage says that the statistics “were a bit curious.”
A Symantec and the Ponemon Institute joint survey of IT professionals conducted in April 2010 evidenced that “Despite security concerns and the expected growth in Cloud Computing; only 27% of respondents said their organizations have procedures for approving Cloud applications that use sensitive or confidential information.” Clearly one consistent pattern is emerging … there is clear and present awareness of the severity of the issues. This unmistakably supports and takes the earlier Symantec / Cloud Security Alliance statistics far beyond “curious.” It is a severe issue; and an imperative every business will have to address and resolve in the immediate future … strong words; so why do I say “every business?” This is why …
- “Technology experts and stakeholders say they expect they will ‘live mostly in the cloud’ in 2020” (Pew Internet / Pew Research Center)
- “60% of CIOs view Cloud Computing as critical to their plans” (The Essential CIO Study: May 2011)
- “Organizations must embrace the cloud and treat it as something real. Soon 20% of businesses will no longer own IT assets” (The Gartner Group)
- “Cloud Computing will balloon up to $241 billion by 2020, up from just $40.7 billion in 2010” (The Forrester Organization)
- “The economic benefits of Cloud Computing make it an “irresistible force” that will become the default standard over the next 2 to 10 years (Brian Walker – Managing Partner KPMG)
- “By 2015, about 24% of all new business software purchases will be of service-enabled software with SaaS delivery being 13.1% of worldwide software spending” (The IDC Organization)
One of the stated objectives in my company’s Cloud Security Essentials training course is … Providing the essential knowledge for a secure transition to Cloud Computing thereby guaranteeing these three critical attributes of your data:
- Confidentiality – Only those people who are supposed to see the data can see it
- Integrity – Only authorized processes are allowed to modify data and only in very specific ways
- Availability – The data is accessible when needed
All of this is vividly captivating … what my friends in sales like to refer to as a “compelling event.” So why have only 48% of the respondents attended or plan to attend Cloud security training? Survival and success in today’s marketplace dictates that we cannot continue to provide and offer IT resources like we have for decades; so why the hesitation?
If these statistics (or worse!) are indicative of the situation in your company then you need to investigate the prevailing thinking, policies and practices. There is no way that a “C”-level executive can allow such a situation to prevail for much longer.
Possible problem scenario 1: You are not alone; this is fairly common.
The senior management, CIO, IT leaders and the other business leaders and stakeholders are behind the curve in the burgeoning growth of knowledge and awareness about how Cloud Computing will become the “irresistible force” and the “default standard” for business in the future. This is a really resounding reason to reset the training budget’s spending priorities. The “Human Capital is not just a number theory” seminar in Miami or the “Creating a blooming team karma” course on the big cruise ship may have to be sacrificed for the cause of business success … rather spend the money on Cloud business and security training.
Possible problem scenario 2: A problem we encounter routinely.
The CIO and his team have an all too natural and instinctive reluctance to upset the status quo. They have an excellent performance record which they stand on and quote often. These folk need to be made aware of a compelling event and a harsh bottom line. The business winners and survivors in the future will focus on operational efficiency more than their rivals. The burgeoning growth in spending on IT must be controlled; businesses must cut costs to survive today, but still invest for tomorrow. There must be an accord to invest in technologies that help the bottom line … like Cloud Computing. On consulting engagements and during our training courses we use this phrase often … “You will only arrive at Cloud Computing success when the business decisions drive the technology decisions!”
Possible problem scenario 3: We are beginning to see this one emerge more frequently.
It is the “We are using a Cloud Service Provider (CSP) and they will be responsible for security” response. This is totally flawed thinking. A recent Ponemon Institute survey reports that a “significant majority” of CSPs subscribe to the belief that it is their customer’s responsibility to secure the Cloud, not theirs! Again, vividly and clearly, the training budget needs to be applied to courses on effectively selecting and negotiating with a CSP … and yes; security training! I quote Andrew Schrader of the firm AppRiver; “When it comes to security the buck stops with you!”
Do you want to grow your business!? Then rapidly ensure that you and your organization learn where and how Cloud Computing can help and understand the risks and benefits of the Cloud. Research and then put a plan and schedule in place to find and timeously provide you and everyone in your organization with the Cloud business and security training they need. Exclude no one, from “C”-level executives and other decision-makers to the IT professionals who will influence, execute and secure the Cloud’s deployment; ultimately leveraging its significant benefits to your business.
An additional resource
A White Paper I wrote in February 2011 … “Selecting the Right Training for Business Success in the Cloud” will provide you more practical steps and information on how to select the most time, cost and learning effective training for your organization.
Please use this link Training White papers / or paste this link into your browser: http://www.purposefulclouds.com/home/Cloud-Resources/white-papers#Training