What are the real challenges in cloud security these days? In my recent conversations with industry practitioners, one came up consistently: the lack of knowledge and skills to adopt cloud securely.
These gaps are slowing down how teams build, manage and secure their cloud environments, and they may be affecting your teams as well.
Provider specific technical expertise
Many IT professionals attempt to transfer their on-premises security knowledge directly to cloud. But this often leads to ineffective and hard to maintain solutions.
A technical example is insisting on traditional firewall architectures. These are hard to implement right in the cloud and can lead to less secure deployments than are possible with cloud native architectures.
One set of skills that is relevant to addressing this is understanding what features a specific cloud provider has for building a secure architecture. There are many courses available from the providers, even free ones, though it can sometimes be a bit challenging to select the correct ones.
However, without understanding how abstraction and automation change the IT security game, these technical skills will not result in more efficiency. And without more efficiency security efforts will be outpaced by the speed of new developments.
Understanding the big security picture
While technical and cloud provider specific know-how is essential, it is just part of the skillset that is required. We also need a fresh perspective on security principles, if we don’t want to get bogged down in a quagmire of technology specific approaches.
The concept of Zero Trust pulls together many earlier insights in the essence of proper IT security architecture, such as the demise of the traditional perimeter and the need for identity-centric security and unifies them.
Zero Trust has the potential to serve as the ‘missing link’ between governance and technology implementation (a topic on which I hope to write another time). But for that to happen, teams need specific skills. They must extract the Zero Trust essence out of existing security solutions and translate them into actionable real-world practices that fit in modern cloud deployments.
Now what?
Do you recognize these challenges? If, like me, you believe that targeted skills training has the potential to have a high return on investment, then have a look at two of my certification-based programs.
CCSK, the Certificate of Cloud Security Knowledge, is the ‘mother of cloud security certifications’, and an industry evergreen. I have delivered it more than 150 times over the past years. Recently, I have helped upgrade the Study Guide to version 5. While the study guide is technology neutral, there is an optional set of labs that guide you through major security controls for Amazon Web Services and Microsoft Azure. Through my blended teaching format, we emphasize your autonomy in preparing, and you’ll gain practical skills in dynamic discussions and exercises. But we don’t stop there.
For more details on the format look here.
CCZT, the Certificate of Zero Trust Knowledge, was launched in 2023, and is the first program to codify Zero Trust in a certification. I have contributed to this one too, and I have a program that combines teaching with coaching. This runs over a longer period so that you can directly implement your skills in your organization.
More information on CCZT is here.
Curious how these programs can empower your team? Let’s talk. Schedule a quick 15-minute call here.