Security and skills are top concerns for cloud, (ISC)2 report reveals

Information security is a top concern about cloud computing among IT professionals, a study has revealed. Over half of 7,500 IT security professionals...

Information security is a top concern about cloud computing among IT professionals, a study has revealed.

Over half of 7,500 IT security professionals polled (54%) said exposure of confidential or sensitive information to unauthorised systems or personnel, and the loss of confidential or sensitive data were their top concerns.

Only 3% said these were not concerns, according to preliminary results of the 2011 (ISC)2 Global Information Security Workforce Study (GISWS) conducted by industry analysts Frost & Sullivan.

Susceptibility to cyber attacks and disruptions to the datacentre ranked as a top concern for 26% of respondents, followed by weak system and/or application access controls (22%), inability to support compliance (16%) and inability to support forensic investigations (13%).

"The concern over risks to data suggests that we as a profession recognise the need to master our understanding of how data is used and valued by the business and its customers," said John Colley, EMEA regional managing director of (ISC)2.

This goes beyond understanding the technology and detail of the systems because IT is a tool of the business, and it is the business itself, its processes and the information it uses that must be understood, he said.

On average, around half respondents said they expected demand for information security because of cloud to increase in every sector.

Many different types of organisations are looking to cloud computing as a way of reducing IT cost, said Colley.

However, he said, organisations need to consider that the cost of securing data in the cloud could undermine those savings.

Some 73% said cloud computing required new skills, and of these, most said they needed a detailed understanding of cloud computing, followed by enhanced technical knowledge (81%) and contract negotiation skills (50%).

"The results indicate that most IT security professionals recognise that a lot of new technology is involved and not all of it is fully understood," said Colley.

Colley is to look at the IT industry's skills gap at a presentation at Infosecurity Europe 2011 in London 19 to 21 April.

Robert Ayoub, Frost & Sullivan lead analyst on the study, said it was surprising to see such an emphasis on technology when cloud computing concerns the outsourcing of the management of IT.

"Professionals, the majority of whom have a technical background, appear to be focusing on the familiar. The instinct to develop skills for the new operational dynamic introduced by cloud computing may still be elusive for many," he said.

The full fifth edition of the (ISC)2 GISWS study into the information security profession is to be published on 17 February.

Read more on IT risk management