X
Tech

Cloud security depends on the human element

The fact is that most organizations have created an artificial barrier between IT professionals and business professionals. The line of business professionals, management and executives are more valued than the techies running the IT shop.
Written by Dana Gardner, Contributor

This BriefingsDirect guest post comes to you courtesy of Andras Robert Szakal, director of software architecture for the U.S. Federal Software Group at IBM and a member of The Open Group board of directors. He can be contacted here.

By Andras Robert Szakal

I’m spending a considerable amount of time these days thinking about cyber security. Not just contemplating the needs of my customers but working with other industry thought leaders within IBM and externally on how to address this convoluted, politically charged, complex and possibly lucrative domain. Much of our thinking has centered around new government programs and game changing technologies that seek to solve the increasing cyber security challenge.

Yesterday another cyber security report was released and instead of new technology it suggested the problem was with us – the people – as in us humans. The study suggests that we need more educated smart folks to thwart those evil hackers and prevent nation state attacks. Oh, and embedded in the report is the notion that technical folks would like to have some runway in their careers. Gee that’s a novel idea that we have been pushing as part of the professional certification programs within The Open Group over the last five years. [Disclosure: The Open Group is a sponsor of BiefingsDirect podcasts.]

I’m sitting in the cloud computing stream today at the 23rd Open Group Enterprise Architecture Practitioners Conference in Toronto. Not surprisingly every presenter and panel eventually settles on the subject of cloud resiliency and securability and the need for skilled architects capable of effectively applying these technologies.

I can’t help but think that most of the industry’s challenges with implementing shared services and effectively protecting the infrastructure is that organizations don’t have the proper architectural skills. Most vulnerabilities are seeded in bad architectural decisions. Likewise,

Some headway has been made in the integration between IT and the business. But for the most part they still exist as separate entities.

many of the poorly constructed services, SOA, Cloud or otherwise are the result of poor design and a lack of architectural skill. The challenge here is that high value architects are difficult to grow and often more difficult to retain.

Back to the cyber report released July 22.

The fact is that most organizations have created an artificial barrier between IT professionals and business professionals. The line of business professionals, management and executives are more valued than the techies running the IT shop. Some headway has been made in the integration between IT and the business. But for the most part they still exist as separate entities. No wonder the cyber report suggests that prospective high valued cyber security specialists and architects don’t see a future in a cyber security career.

How do we address this challenge?

Let me offer a few ideas. First, ensure these folks have architectural as well as cyber security skills. This will allow them to think in the context of the business and find opportunity to move from IT to a line of business position as their careers grow. Ultimately, the IT teams must be integrated into the business itself. As the report suggests it’s necessary to establish a career path for technologies but more importantly technical career paths must be integrated into the overall career framework of the business.

This BriefingsDirect guest post comes to you courtesy of Andras Robert Szakal, director of software architecture for the U.S. Federal Software Group at IBM and a member of The Open Group board of directors. He can be contacted here.

Editorial standards