Respondents said one of the biggest challenges facing cloud specialists and senior executives in the C-suite is the difference in what each side holds as priority. While senior executives are as passionate as cloud experts about protecting their organization and ensuring security and growth for the long-term — their interests are built around issues of fiscal responsibility. At the same time, cloud specialists seek to explore the people, processes and tools that will help ensure their organization’s protection, security and growth — and that requires a financial investment.
From the perspectives of cybersecurity experts, what should the C-suite know about their organization’s cloud strategy so both sides can work toward their mutual goals?
Hire for Fit, Then Train
First, cyber experts say it’s important to use accurate job descriptions rather than broad-brush generalities when recruiting talent to work in the cloud. There are many roles required to ensure the technology backbone of an organization remains robust and secure; specificity in job descriptions allows for a more precise assignment of responsibilities with less overlap across roles. To an extent, it is advisable to have some skills overlap as insurance when a team member is unavailable, but given the complexity of IT and the frequency of crises across technology areas, a clear delineation of responsibilities is vital.
In addition, experts say it is important to hire people who can be trained in cloud roles rather than recruiting with a tunnel-vision strategy that targets only candidates whose past experience exactly matches the job description. Companies are discovering there is more gained from hiring people who are a good fit for their culture and that com soft skills, including communication and leadership, are as important as technical knowledge and skills to their success.
Understand Cloud Essentials
C-suite executives are busy, and along with their board of directors, they may lack in-depth knowledge of cloud security. However, liability is something they are very familiar with, even though they may not fully understand what role it plays in the cloud. Enforcement of data sovereignty regulations like GDPR or HIPAA points to significant liabilities when it comes to data at a single location or health-related information transmitted in the cloud. Senior managers must have a strong understanding of cloud essentials to protect their organizations, cyber experts say.
Clear the Lines of Communication
Awareness of the benefits and risks of cloud technology must be a central priority so that executive boards and cloud specialists are able to effectively communicate with each other in order to promote data security, according to cyber experts.
A recent article in Harvard Business Review by three senior partners at McKinsey cites these five questions boards should ask about digital transformation, including as they relate to the cloud and hiring:
- Does the board understand the implications of digital and technology well enough to provide valuable guidance?
- Is the digital transformation fundamentally changing how the business (and sector) creates value?
- How does the board know if the digital transformation is working?
- Does the board have a sufficiently expansive view of talent?
- Does the board have a clear view of emerging threats?
When senior executives understand that data is the lifeblood of their organization, and that the role of the cloud in storing and managing it is a central sustainability priority, there are more opportunities for all parties to help ensure long-term cybersecurity and growth.
Learn more recruiting strategies on building a strong cloud security team in the (ISC)² eBook, Cloud Adoption and the Skills Shortage: A View from the Field.
How CCSP Certification Can Help You
Earning the globally recognized CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity member experts at (ISC)².
Achieving CCSP certification provides the added benefit of membership in (ISC)², the world’s largest nonprofit association of cybersecurity professionals, more than 150,000 members strong. (ISC)² provides members with professional development courses through the Professional Development Institute (PDI); technical webinars covering evolving cybersecurity trends; and benefits, such as the (ISC)² Community and InfoSecurity Professional magazine.