Three Ways Network Complexity Fuels the IT Security Workforce Shortage
May 9, 2016
The workforce shortage in the IT security field is real and shows no immediate signs of improvement. Recent research by global IT and cybersecurity organization ISACA highlights just how big the problem is. Of the 461 cybersecurity managers and practitioners surveyed globally, 60% said that less than half of their candidates were qualified upon hiring. Additionally, 54% responded that it took three months or more to fill IT security posts and one in 10 are never filled.
The inability to fill these open positions with qualified personnel can leave an organization vulnerable to a range of internal and external security threats, such as phishing, denial of service, hacking, ransomware and online identity theft. But what is causing this apparent shortfall in qualified staff and how can this issue be overcome?
The lack of knowledgeable and experienced professionals who can handle IT security is being driven by three factors: too many point solutions; increased network architecture complexity; and too many conflicting priorities.
-1- Too many point solutions
The increasing sophistication and frequency of threats have led to an explosion in the number of point solutions installed on business systems. In turn, the knowledge and number of staff required to manage all of these solutions have increased. What began as a few supplemental security appliances along the network’s perimeter has now become an appliance straitjacket, severely constraining an already burdened IT team.
-2- Increased network architecture complexity
As businesses look to grow or become more efficient by moving data and applications to the Cloud, their network architecture grows in complexity. The modern corporate IT infrastructure can often be a mix of cloud and on-premise solutions, being accessed through a range of platforms and devices, accommodating remote offices, mobile, and on-site workers. This has led to an increase in the attack surface that requires the deployment of new security capabilities and tactics. According to recent research from ESG, 46 percent of organizations say they have a “problematic shortage” of cybersecurity skills in 2016, with 33 percent citing “cloud security specialists” as their biggest deficiency.
-3- Too many conflicting priorities
This growth in network complexity results in IT security teams having to juggle too many conflicting priorities. They spend more time running the infrastructure itself and meeting compliance mandates than thinking about the threat landscape, evolving attack vectors, and how to properly adapt to them.
Simplicity is the solution
There is no magic wand that is going to suddenly produce a wealth of qualified candidates who can deal with the rise in the workload and complexity of managing it. Instead, organizations should focus on simplifying how their network security is provided to improve the level of protection.
But how? The very same forces responsible for the complexity of networks – cloud, virtualization, and software – can be leveraged in a new way to actually simplify an organization’s IT network. By re-establishing the enterprise network perimeter within the Cloud and securing it, it is possible to move away from the appliance-based, point-solution approach that is prevalent today. Organizations can reduce the workload on critical IT resources, with simpler topology, better visibility, and fewer policies and configurations to maintain. At the same time, the attack surface will shrink because there are fewer moving parts to manage.
By connecting to a managed, Cloud-based network, an organization can significantly reduce its dependency on hardware and point solutions. Such a network is also easier to manage, because the service provider's fully qualified IT security experts continually monitor, maintain and update its assets based on the latest cyber intelligence.
By solving the complexity issue, an organization can let its staff focus on core strategic IT security initiatives, such as cybersecurity training for staff, and spend less time on network management and maintenance. The result is a reduced requirement for newly qualified staff to fill in the gaps – simple.