Lack of security skills has become a drag on Australia’s digital transformation

A lack of cybersecurity skills has forced more than half of Australian IT decision-makers to slow down their cloud rollouts, according to new research that has redoubled the urgency of strategies for building and deploying Australia’s cybersecurity capabilities.

The rush to the cloud was slowing across the board, according to a new McAfee survey of 1400 IT decision-makers that found the proportion of businesses with cloud-first strategies had dropped from 82 percent a year ago, to 65 percent now.

One in four companies has experienced data theft from the public cloud, while 1 in 5 said they have experienced an advanced attack against their public cloud infrastructure.

With cloud security estimated to rise from 27 percent of IT-security budgets to 37 percent within the next 12 months, Cloud Security Business Unit senior vice president Rajiv Gupta told CSO Australia, the figures suggest that customers were learning the hard way that cloud security is harder than many companies had anticipated when they began ambitious digital-transformation efforts.

Poor visibility was flagged as a significant issue – and vendors, Gupta said, are to blame. “We see a plethora of vendors claiming to be best of breed, but they have laid the effort of integrating all of these products into a cohesive whole, on the feet of their customers.”

“But that is not their business; their business is producing sweaters, or cars, or managing financial instruments. We as an industry need to show that the different products we sell can exchange threat telemetry to function as a cohesive whole.”

Significantly, the problem seemed to be markedly worse in Australia, where 53 percent of respondents said problems with cloud security had forced them to slow down their cloud rollouts. This was well above the 30 percent figure in the UK, 37 percent in Canada, and 40 percent figure recorded globally – suggesting that the long-reported paucity of relevant security skills in Australia was taking its toll.

Just 10 percent of Australian companies said they do not have a cybersecurity skill shortage and are continuing with cloud adoption – well behind the 24 percent figure in the UK, 19 percent in the US and Japan, and 16 percent globally.

A flurry of recent initiatives have sought to help close the gap, with Vault Systems this month announcing the establishment of a Vault Academy to put 3000 government IT professionals through a two-day course based around problem-solving scenarios designed “to support a move to cloud-based computing”.

“The cloud is an enabler of digital transformation because it offers organisations and agencies the speed and scale to drive innovation,” Vault Systems founder and CEO Rupert Taylor-Price said in a statement. “However, for government, information security must be retained in this more productive computing environment.”

“To do this both secure cloud systems and IT professionals trained in its use are required. There is no doubt that the move towards digital transformation will only be successful if the Australian IT workforce has the necessary skills and experiences to support a seamless move to the cloud.”

Palo Alto Networks, for its part, is addressing a different aspect of the cybersecurity skills crisis by next week launch a partnership with Girl Guides Australia that will teach NSW and ACT guides the basics of computer networks, cyber-attacks, and online safety. The program is mirrored after a similar program in the US and is designed to build interest in STEM subject areas as well as cybersecurity.

Industry incubator AustCyber has also been working on developing the future cybersecurity workforce, with a recent ‘speed dating’ event heralded by attendees and industry as the right kind of intervention necessary to steer skilled university students into cybersecurity careers.

The McAfee findings reinforced the idea that successful cloud deployments rely on making cybersecurity an organisational habit – and that Australian companies are lagging their global peers.

Australia was named, along with Japan and Germany, as being one of the countries with the lowest adoption of DevOps – the integrated application-development and IT operations paradigm that has been linked to more effective cloud deployment. Just 35 percent of Australian companies are using DevOps – compared with 49 percent globally – while the related DevSecOps is in use within 77 percent of DevOps companies.