Overcoming the unique challenges of securing the cloud
Last month’s article, the proven importance and challenges of cloud computing explored the value and limitations in the cloud computing model. As a follow up, this article focuses on the unique challenges cybersecurity professionals encounter when securing the cloud infrastructure. What are these challenges and how can they be overcome? Let’s find out.
Technology is always changing
Almost every day, a newer form of technology is released to make things work more efficiently. In 2023 alone, Amazon Web Services, the cloud service provider with the biggest market share released at least ten “cool” innovations. This included Amazon Security Lake, and a generative AI powered assistant Amazon Q. Microsoft has enlarged its cloud services to include several tools such as Security Information and Even Management (SIEM) solutions, Endpoint Detection Systems (EDRs), Data Loss Prevention Systems (DLPs) and Identity and Access Management Solutions (IAMs).
Even as I write, newer technology is being released because they continue to offer seamless integration, enhance productivity and broaden clients’ options. However, for the cybersecurity professional, this requires a constant upskilling process. Security professionals must unlearn what they have learnt and acquire new set of skills in a short turnaround time to keep up with technology and protect it. This remains a major source of challenge when securing the cloud.
Various re-certification requirements
Because cloud computing does not take a vendor neutral approach, it is common to find professionals who hold multiple certifications from different vendors. Vendors have different certificate validity periods and renewal requirements. Some have them in the form of online assessments or earning continuing professional education (CPE) points. Others require you to renew with a higher certification than the current or passing a newer version of the exam.
In addition, certificate validity periods vary. It ranges from 12 to 36 months depending on what the cloud provider sees fit. All these makes the re-certification process quite daunting. Security professionals must either comply or risk losing their certificate.
The way forward
So what solutions are there to overcome these challenges? Cloud computing skills are easily transferable so be familiar with the basic architectures of major cloud providers such as Amazon Web Services, Microsoft Azure and Google Cloud. This significantly increases your value and offers you the benefit of quickly adapting to any working environment you may find yourself.
Next, develop your skills with a particular vendor of interest. Your interest could come from personal preference or cloud architectures you are most comfortable with. You could also be motivated by what your employer wants or what offers the most opportunities for your future. When you carve your niche with one cloud vendor, you eliminate the need to manage several certification and re-certification processes. You become an expert and not a jack of all trades.
Put yourself in the driving seat
Technology will continue to evolve at a fast rate and certification bodies will operate however they choose. However, security professionals must remain in control of technologies they choose to learn and use. Gain basic understanding of the major cloud infrastructures, then specialize in one. This significantly reduces the pressures associated with securing the cloud.
Do you have any other challenges and remediation strategies in mind? Share it in the comments section below. Until next time, stay safe, be healthy and be cyber secure.