Thanks to the growing number of technologies and connected devices adopted by businesses, information security professionals are being stretched thin.
The survey, conducted by research firm Frost & Sullivan and sponsored by an information security non-profit called (ISC) 2, said the demand for security professionals will soon double the number available. As of 2010, the survey estimated there are 2.28 million information security professionals worldwide. By 2015, nearly 4.2 million will be needed.
The growing need is due to the increased number of mobile devices, cloud services, social networking and insecure applications. The survey compares the supply of information security professionals to a series of small leaks in a dam, which is showing signs of strain. It also says there is a severe gap in skills needed industry-wide.
In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around, said Robert Ayoub, global program director of network security for Frost & Sullivan, in a statement. Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide.
Ayoub said the risks can be reduced through an investment in attracting high-quality entrants to the field and concurrent investments in professional development for emerging skills. Even though he says this is happening at some level, it's unclear whether enough new professionals and training will come to patch up those leaks.
The good news from this study is that information security professionals finally have management support and are being relied upon and compensated for the security of the most mission-critical data and systems within an organization. The bad news is that they are being asked to do too much, with little time left to enhance their skills to meet the latest security threats and business demands, Ayoub said.
The number one vulnerability security professionals are concerned with is applications. Seventy-two percent of respondents said applications contained the biggest threats. Meanwhile, cloud computing illustrated the gap between those available and those who are needed. More than 50 percent of respondents said they had private clouds in place and yet more than 70 percent reported the need for new skills to properly secure those cloud-based technologies.
We need a paradigm shift in our global cyber security strategy to address the skills gaps revealed by the study, W. Hord Tipton, executive director of (ISC) 2, said in a statement.
To contact the reporter responsible for this story call (646) 461 6920 or email firstname.lastname@example.org.