Hybrid cloud security risks from lack of skills

There are heightened security risks from a lack of skills in the hybrid cloud market, according to research.

Research from data services firm The Bunker has found that while a majority of organisations are implementing a hybrid cloud infrastructure, 31 percent have reported a stalled or failed cloud migration due to a lack of in-house skills.

This is a particular concern as hybrid cloud models carry a unique set of security risks that IT leaders must address if they are to keep their data secure, said The Bunker.

The research, which surveyed IT leaders in 100 mid-market and large UK organisations, found that 90 percent of organisations have implemented some kind of hybrid cloud infrastructure in the pursuit of cost efficiency, flexibility and scalability.

However, 70 percent of those organisations had experienced some level of failure, preventing them from achieving their business goals, with the most-commonly reported problem being a lack of in-house skills.

Commenting on the research, Phil Bindley, CTO of The Bunker, said: “CIOs and IT decision makers recognise hybrid cloud as a compelling model for IT service delivery. Yet many are unable to handle the transformation with the skills that are available in-house as IT changes rapidly, and staff experience difficulty keeping up.”

He said: “Data security is always one of the most sensitive and immediate concerns of IT leaders, so when we find that nearly a third reported that a lack of skills had resulted in failure, business leaders need to ask serious questions about how secure their data is.”

Hybrid cloud deployments use new application programming interfaces (APIs) and require complex network configurations that “push the limits” of traditional system administrators’ knowledge and abilities, The Bunker said.

Furthermore, if data includes payment card information then a hybrid cloud needs to not just make sure that both internal systems and the cloud are PCI DSS compliant, but also that data transfer between the two areas are protected. Another area to consider is that existing authentication, authorisation and identity management processes need to work seamlessly in multiple environments.

“With a shortage of skills, IT leaders need to make sure that they do their due diligence with potential providers to make sure that they understand the hybrid environment. They must be able to work seamlessly with existing internal systems and with other cloud suppliers,” said Bindley.

@AntonySavvas