Top Three Skills for Data Security Pros

security image
security image

Security in IoT is also a necessity

Top Three Skills for Data Security Pros

What you need to succeed in data security? Compliance, Governance and Data Security Experts

If 2016 shapes up anything like the last quarter of 2015, data security in the IOT will continue to be a hot topic for all of us working to protect our work in the Cloud. In my last article, I discussed several trends that we are monitoring at SoftNet Search’s IOT practice area. This time, I will weigh in on the kinds of people who will fulfill the needs of companies who are staying ahead of data security trends.

IT Headcount Going Up

According to all the people that matter, IT will continue to hire data security and other pros in 2016. For example, Computerworld’s recent survey showed that “37% of the 182 IT professionals who responded to the survey said they plan to increase head count in the upcoming year — that’s a significant jump from last year, when only 24% said they planned to add new staff. Moreover, 24% of those polled this year listed “attracting new talent” as first among their business priorities for the next 12 months.”

So how will they find the data security specialists they need? They will focus on these top three skills:

1) Security (General) – General security projects rated number two in the “most important IT projects that survey respondents have underway.” General security specialists, including data security pros, will command higher salaries, with Robert Half Technology 2016 Salary Guide predicting a 5% to 7% rise this year, hitting a range of 100K to 200K on average.

2) Compliance– Small-to-medium sized businesses are racing to ensure that their compliance policies are up to speed, especially if they’re working in the IOT. Healthcare continues to head up the compliance market in this field, with financial services and consumer privacy goals (customer information safety) coming in a close second and third, respectively. Data security specialists and database analysts will continue to command higher salaries—and a track record of managing big data in the cloud – and providing compliance leadership for functional business partners—is a must. Computerworld again: “Exactly 50% of the IT professionals who participated in our Forecast 2016 survey said they plan to increase spending on security technologies in the next 12 months.” Making sure these technologies include built-in compliance gate keeping will be top of mind for data security leaders all throughout 2016.

3) Governance– Many large corporations have a lock on their governance policies because they have the headcount to ensure that Cloud and SaaS solutions across the enterprise fold into their existing governance plans. They can also pull together IT governance committees to get ahead of this issue and ensure that data security guardrails are firmly in place via smart governance plans.

Who owns your data security governance policy?

The problem is, many companies have had to institute ad hoc governance because they don’t have the time to control these policies in a centralized way. Functional, siloed IT business partners might “own” the governance policies for say, customer information, with others guarding HR or manufacturing data. Data security pros with backgrounds in IT governance can help answer IT leaders’ most pressing governance questions in an enterprise-wide manner and ensure that governance rules don’t languish in silos, making your company prone to breaches of policy. Hire someone to answer these questions:

  • How to start instituting a cohesive governance strategy that grows with the company (and its technologies)?
  • Who should we include on our team
  • How long it will take until the governance policy works on its own to cover all of our technologies and foreseeable ones?
  • Who should manage the project and become accountable from the beginning?

 

If your data security pros don’t have the answers to these questions or have not worked as a team to define governance for the IOT, chances are they will need to get up to speed—and quickly.

 

What doesn’t work as well?

We’ve watched some companies hire a consultant to help the Corporate Governance Officers (CGOs) with the IT end of their jobs. The problem with that solution is that IOT and cloud-based data security and governance should not be placed on the table in front of a bunch of lawyers that, no matter how skilled, can’t be expected to keep up with best practices in the field. Hiring internal IT governance headcount, if even on a contract basis, works better in the long run and will cost you thousands less without costing you your peace of mind.

 

If you’d like to know more about the highly-skilled data security specialists I’ve seen in my practice; or if your enterprise requires help with IT compliance, governance or data security in general, definitely give me a shout.

Save

What’s Coming in 2016 IoT Devices?

It’s no secret that IoT, IoT devices and data are changing dramatically. Industry experts believe that 2016 is going to be a year of action and change as trends move forward dramatically. Technology changes are happening faster than many companies can react or adapt to them. Data Security, IoT Security, Cloud computing and mobile computing are where the top changes are expected to be.

MobileIron’s VP of strategy says that we can expect to see dramatic changes in every area of computing. Ojas Rege says “2016 will be a challenging year for IT devices as mobile and cloud force CIOs to adopt a more agile model of information security, policy design, technology evaluation, and lifecycle management,” “2015 saw more mobile malware than ever before, with a string of exploits such as Stagefright, KeyRaider, XcodeGhost, and YiSpecter. In 2016, we will see hackers continue to figure out clever ways to make apps appear “trusted,” Rege believes. “As a result, expect that Apple in particular will continue to shut down untrusted ways of distributing apps to devices, such as side-loading, and become much stricter about controlling the use of private APIs.”

Nearly every security specialist believes that two things will change in IoT in 2016 that are more important than any other. These two things will pave the way forward for IoT.

Customers are going to insist on better applications for use. Customers are insisting on applications that are proven secure, rather than put together in rapid and insecure ways.

In spite of all of the attention that it’s getting, the IoT is at this moment in time more experimental than end run perfection. Every vendor is striving for IoT perfection but some of them aren’t even sure what it is.

Companies are all seeking to ride the wave of IoT but many are not sure how to accomplish that and aren’t certain whether or not they are on the right pathway. Rege believes that by the end of 2016, companies are going to change how they view IoT and realize that it is not a game, but an imperative for any company that is going to move forward. He states that “A set of high-value IoT use cases will emerge, and vendors will enter 2017 with the ability to deliver commercially useful solutions.”

Rege believes—and most companies believe along with him, that Iot energy, security, and innovation are going to be necessary parts of the computing landscape in 2016. The enterprise requires developers of IoT to completely rethink the business and IoT processes rather than just porting apps to Iot platforms that are not secure and not worthwhile. The users of today are rapidly growing tired of hearing that their application or their IoT product has been found to be insecure. It has changed their trust in the products and will continue to do so in a way that will prevent them from using IoT devices that have not been proven to be secure.

Rapid changes in technology, user demands and methodology changes and the need for more secure IoT and mobile applications mean that companies are going to need talented developers and security personnel in IoT on a level not previously seen.

Where is your company so far as IoT development and what kind of plans have you made for the changing IoT landscape in 2016?