Prepare for Careers in the Cloud

Credit EligibleAs a HealthcareInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

June 30, 2010 - Upasana Gupta, Contributing Editor

As organizations increasingly turn to cloud computing to support critical business functions, what becomes of the information security personnel formerly charged with protecting those functions?

Change is coming, experts say. The shift to the cloud impacts organizations throughout the private and public sectors. As a result, opportunities change for information security professionals at every stage of their careers.

"There will be a reduction and consolidation in functions associated with IT security operations within the next year or so," says Hord Tipton, executive director of the International Information Systems Security Certification Consortium (ISC2), the security certifications body. "Curtailment will be in areas of system and network administration, but more jobs are likely to sprout up and move in other areas within IT security."

The key to success is: Know which job opportunities are disappearing and which are opening.

The Cloud Impact

An evolution of the type of outsourcing that many organizations have practiced for years, cloud computing is generally embraced as an approach for delivering and consuming IT resources, (computer, storage and applications) characterized by customer self-service and high levels of standardization and automation. Basically, cloud computing's business model is to reduce the time and cost associated with delivering new business capabilities.

Because of heavy IT presence in their cost structures and potential to uncover new market opportunities, government, financial services and healthcare are among the first sectors to migrate to cloud services, says Bert Armijo, VP of product management, cloud solutions at CA Technologies. "The push for cloud services in these industries is not just about cost, but speed and time-to-market products and services," Armijo says.

Every job right from the chief executive officer through business middle managers and IT security managers will be affected by the cloud migration, says Kevin Jackson, vice president of NJVC, one of the information technology and cloud solution providers supporting the United States Department of Defense. "This is because cloud computing is forcing a shift in enterprise IT from 'building and doing' to 'managing and consuming.'"

This shift creates the need for new roles within information security, experts says - roles that will increasingly specialize in managing agreements and deliverables with cloud providers

In With the New

So, which roles diminish with the advent of cloud?

System and network administrators that solely focus on firewalls, routers and hardware monitoring will gradually find their jobs disappearing. The cloud will move to a whole new virtual environment requiring "a management of cloud services around web applications and business and not so much around provisioning IT," says Jackson.

Current system and network administrators, therefore, need to stay on the cutting edge to keep their jobs. These professionals must train themselves in web applications and deployments, as well as virtualization.

On the plus side, the cloud movement will further enhance focus on industry-specific, business-related processes and lead to more business, privacy, application, risk and security-savvy management professionals. Who can understand how to protect and classify data in the cloud? What encryption methodologies must be deployed? How does one handle incident response and manage incidents and their impact on the company?

"There will be a clear shift in demand from blue collar IT security workers to white collar positions," says Tipton. "New jobs in areas of application security, Web 2.0 deployments, virtualization, server consolidation and configuration management will come into play in organizations within the next 6-12 months."

The cloud will also open more specific business-focused roles for individuals that will need to heavily collaborate with business leaders on topics such as how to negotiate contractual agreements with providers and monitor the changes in terms of dynamic need for services by the organization.

Preparing for the Transition

To help professionals prepare for the transition to cloud computing, experts offer this advice: