Security Pros Say Lack Of Skilled Workers Is The Biggest Threat

By Robert Westervelt
February 25, 2013 11:20 AM ET

Page 2 of 2

Application security vulnerabilities ranked the highest among security concerns, a trend identified in the 2011 survey, Taylor said. A shortage of software development professionals trained in security and secure software development processes is a significant issue, she added.

"There's a real need for more software engineers knowledgeable in secure application, product and platform design," Taylor said.

Threats from malware infections, the loss of control and visibility of data in the cloud, social networking ills and the BYOD trend also were identified as top issues of concern. BYOD technology was cited as a significant security risk by 78 percent of respondents, and 74 percent reported that new security skills are required to address BYOD issues. Sixty-eight percent of those surveyed said social media is a continued security concern as well.

The migration to cloud platforms and infrastructure and the steady adoption of Software-as-a-Service is also causing some anxiety, (ISC)2 said. Forty-nine percent of respondents named cloud-based services as either a top or high security concern in the 2013 survey, a 6 percent increase since 2011. Increased adoption of cloud-based services over the two-year period may have contributed to the increasing security concerns, the report found.

(ISC)2 said it believes there continues to be "considerable ambiguity regarding cloud-related risks," with 89 percent of survey respondents seeking security professionals with a sense of how security applies to the cloud. Seventy-eight percent of those surveyed said talented security pros with an understanding of cloud security guidelines and reference architectures are being sought. Security pros also need knowledge of compliance issues, technical knowledge and an understanding of how contractual obligations and requirements are related to security.

"A thorough understanding of each potential cloud service provider would be required to adequately assess risk across provider," the report said. "With cloud services providers not bound by industry standards or regulations with regard to security practices and procedures, general understanding of potential cloud risks would be incomplete in assessing risk."

PUBLISHED FEB. 25, 2013

<< Previous | 1 | 2

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	10 Security Companies That Have Scored CIA Funding CIA-funded venture firm invests millions in technology startups, mostly security firms. Find out which security companies won In-Q-Tel funding.
	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	More Slide Shows