Ed Parsons
CISSP, VP Global Markets & Member Relations, ISC2
As cloud adoption rises in the UK, developing cloud security skills has never been more crucial. Strengthening cloud expertise is essential to enable secure adoption.
Research shows that 28% of cybersecurity teams are experiencing gaps in cloud security skills,1 making it one of the region’s largest technical skills gaps, second only to artificial intelligence. Several factors contribute to this issue: multi-cloud strategies increase the need for diverse cloud skills. Infrastructure as code means security as code, requiring programming skills and familiarity with cloud-native technologies. Additionally, shared responsibility models and outsourcing require organisations to adapt their skill sets for managing security through third parties.
Security professionals should develop
broad expertise that transcends
individual cloud platforms.
Cloud adoption and cybersecurity
While cloud adoption undoubtedly offers business benefits such as increased resilience, cost efficiency and flexibility, it has also altered the attack surface presented to threat actors. Security professionals need to maintain their knowledge and understanding of modern attack techniques and effective countermeasures, which differ considerably from network-based attacks and perimeter defences.
It’s no surprise that hiring managers identify cloud security as the most in-demand cybersecurity skill and professional development area. To ease the burden on cybersecurity teams and help develop cloud security skills, organisations should consider the following approaches:
- Building platform-agnostic skills
Security professionals should develop broad expertise that transcends individual cloud platforms. Understanding foundational cloud security principles, rather than limiting knowledge to the functionality of a single provider, helps to adapt and transfer experience in multi-cloud environments. Certifications such as ISC2’s Certified Cloud Security Professional (CCSP) promote this broad-based knowledge, ensuring security teams can handle diverse cloud infrastructures effectively.
- Leveraging technology training programmes
Paradoxically, professionals should also take advantage of the extensive low or no-cost training resources and education programmes offered by major cloud providers. Organisations should encourage employees to take advantage of these resources, offering incentives such as study time or certificate reimbursement to boost participation.
- Shared responsibility approach
Cloud security is not solely the responsibility of IT or security teams; risk, compliance and governance professionals also play a crucial role. By promoting a general understanding of cybersecurity across these functions, organisations can strengthen security governance and risk management and benefit from relevant expertise in other teams, like procurement or risk.
By investing in skills development and building capability across functional units, UK businesses can better navigate the evolving cloud security landscape.
[1] ISC2. 2024. 2024 ISC2 Cybersecurity Workforce Study.
