The two T’s of cloud security: Talent and technology

A blog post by David Linthicum, managing director, chief cloud strategy officer, Deloitte Consulting LLP

Deloitte recently released its latest Future of Cyber survey, bringing together the perspectives of 500 C-level executives who have visibility to and responsibility for cybersecurity in companies with at least $500 million in annual revenue. I was encouraged to see that more and more organizations are taking a proactive approach to preparing for and responding to cyber incidents. However, many of the same challenges continue to get in the way: Budgetary limitations, talent gaps, and misalignment to executive management’s digital transformation priorities to name some of the big ones.

That’s why, when it comes to security, there are two T’s to consider. The first T is Talent, or your ability to build and retain the right team of people to manage cloud security. This includes recruiting new talent, continually training current IT employees, and thoughtfully leveraging consulting firms. The second T is Technology, or the ability to tap into the right tools and solutions that will help mitigate security risks today and can be scaled and adjusted as the organization evolves over time.

It’s important to recognize that technology alone doesn’t guarantee security. You may have the best security technology on hand, but if there is nobody who understands how to correctly leverage it, you don’t stand a chance. It’s my opinion that most cyber attacks are caused by the lack of proactive security management–patches are not applied, attack vectors not considered, and/or there is no real-time monitoring for example. These are security vulnerability problems that could be traced back to lack of experience and knowledge. In other words, pilot error. Organizations need to engage talent that has both the technical chops in state-of-the-art cloud security as well as an understanding of how to get ahead of potential threats.

Even if you solve for the right people, you may still fail if you don’t arm your top-tier security talent with the weapons they need to fight the cyber wars. The good news is that many of these tools are much less expensive than just a few years ago and are often cloud-delivered, which means they are constantly and centrally updated. New technologies like anomalous detection, machine learning (ML), and AI enable organizations to gain broader, real-time visibility into their changing threat landscape compared to what traditional technologies offer. And yet, 90 respondents of those surveyed by Deloitte cited 10 percent or less of budget dollars were designated for efforts such as cloud migration, SaaS implementation, analytics, and ML. Budget continues to be a limitation for tech.

So, are two T’s all there is to it? Of course not. However, solving for the two T’s will get you much further down the road, and may help your organization prepare for and respond to security threats.