Contract negotiation skills are one of the top three required abilities for information security professionals dealing with cloud computing, according to new research.
This is one finding highlighted in early survey results from the 2011 (ISC)2 Global Information Security Workforce Study (GISWS) conducted by industry analysts Frost & Sullivan and covering more than 100 countries.
According to the survey, 73 per cent of the more than 7,500 (ISC)2 certified professionals, participating in the study, said cloud computing requires new skills. (ISC)2, is the world’s largest global, not-for-profit organisation specialising in educating and certifying information security professionals.
This is the fifth edition of the most comprehensive study into the information security profession, and (ISC)2 said it will release the final report in mid February.
In a statement, (ISC)2 said that when asked what new skills would be required for cloud computing, half of the survey participants identified contract negotiation skills as one of their top three requirements. This came after the desire to develop a detailed understanding of cloud computing, chosen by 93 per cent, and the desire for enhanced technical knowledge, selected by 81 per cent of participants.
Cloud use increasing
More than half of the members surveyed said their organisations are using cloud computing at some level. Sixteen per cent said their organisations are using public cloud services, and 42 per cent identified their use of software-as-a-service (SaaS).
For participants, the exposure of confidential or sensitive information, data loss or leakage is of greatest concern, with 85 per cent rating this as a top or high concern. This was followed by significant concern over weak system or application access controls (68 per cent), susceptibility to cyber attacks (65 per cent) and disruption in availability (62 per cent).
The (ISC)2 Global Information Security Workforce study is commissioned biannually and has been tracking significant trends since 2004.
(ISC)2’s managing director, Europe, Middle East and Africa (EMEA), John Colley CISSP, said the concern over risks to data suggests that the profession recognised the need to master the understanding of how data is used and valued by the business and its customers.
“This goes beyond understanding the technology and detail of the systems,” Colley said. “IT is a tool of the business, and it is the business itself, its processes and the information it uses that must be understood.”
Increasing demand for security professionals
Survey participants were also asked whether cloud computing was likely to impact demand for information security professionals. The results revealed significant optimism, with less than 10 per cent believing that the cloud would reduce demand and about half believing the trend towards the cloud would increase demand for security professionals.
Frost & Sullivan lead analyst Robert Ayoub, CISSP, said it was surprising to see such an emphasis on technology and detail, looking at a trend involving outsourcing management.
“Professionals, the majority of whom have a technical background, appear to be focusing on the familiar,” Ayoub said. “The instinct to develop skills for the new operational dynamic introduced by cloud computing may still be elusive for many.”