3 Minute Read

Is the IT Skills Shortage Jeopardizing Your IT Security and Compliance?




May 7, 2019

The Dark Side of Digital Transformation

There’s no doubt that digital transformation can help make an organization more competitive. Technology lets us do things faster, better, and cheaper than our competition. But there’s a dark side of digital transformation that IT and business leaders need to take very seriously.

The World Economic Forum conducted a survey in 2018 to see which technologies organizations expected to adopt by 2022. The results are pretty interesting. For example, 73 percent of organizations anticipated deploying machine learning, a technology most considered to be “future-tech” not too long ago.  Even augmented and virtual reality is expected to be adopted by more than half (58 percent) of companies.

The drive to adopt these technologies is going to accelerate the growing IT skills gap seen around the world. IDG’s State of the CIO 2019 study highlighted just how troublesome the skills shortage is becoming. The greatest concerns were in the area of data science and analytics, with 42 percent saying they anticipated having trouble filling those open roles in the coming year. That was followed by security and risk management (33 percent), AI/machine learning (31 percent), and cloud services/integration (22 percent).

As more organizations adopt new technologies, this shortage is only going to get worse. The Bureau of Labor Statistics expects job openings in computer and information technology occupations to grow 13 percent from 2016 to 2026, outpacing the growth of job openings in all other occupations.

The IT Skills Gap You Can’t Afford to Overlook

If organizations can’t find the staff they need, it will create a drag on their digital transformation aspirations. While recruiters are looking for thought leaders with AI and machine learning skills, they may be leaving other vital skills unfilled.

As just cited above, less than a quarter of the respondents to the IDG survey said they were concerned about finding talent in cloud services/integration. It’s not because there aren’t shortages in that area. Our work with organizations tells us that there are. More likely, IT leaders just aren’t as focused on those skills gaps as they are on staffing up for things to come. After all, they can offload a lot of the day-to-day infrastructure management requirements simply by deploying resources in a public cloud such as AWS or Azure, right?

Security and Compliance

For organizations concerned about IT security and compliance, that’s a dangerous assumption to make. One rookie mistake setting up workloads in the cloud could result in a data breach that costs your organization millions in fines and remediation. A recent HIPAA Journal article cites several examples:

  • A New Jersey healthcare provider inadvertently left an Elastic database (a SQL feature of Azure) set to open. This exposed sensitive information including patient names, addresses, dates of birth, detailed medical information, and social security numbers.
  • A Sacramento, California, based medical software provider unintentionally removed security protocols on a fax server. The server housed more than 6 million records, which allowed healthcare faxes to be viewed over the internet.
  • Thanks to the inadvertent removal of security protections on a website server, UW Medicine exposed the records of almost one million patients online.

All of these incidents appear to be honest mistakes. Most were potentially caused by an IT technician (or someone outside of IT) who didn’t understand what they were doing.

How to Protect Yourself

There are a couple of ways you can protect yourself from mistakes like these:

  • Managed Clouds – If you’re not confident your in-house staff has the skills to manage your cloud deployments, get help. A qualified managed service provider will work with you to determine where your weaknesses are and then propose solutions to shore up your IT security and compliance defenses.
  • Increased Vigilance – Even if you believe you have the staff you need, mistakes happen. The right Cloud Management Platform can provide visibility into all of your cloud resources, alerting you to issues that increase your risk or need immediate remediation.

Let’s look at how that works in the TRiA Cloud Management Platform. This solution comes bundled with all of our Managed Cloud Services but is also available as a separate license. Firstly, TRiA has more than 200 built-in IT security and compliance checks. These cover common standards like HIPAA, PCI DSS, NIST, GDPR, etc. These checks can also be customized to meet unique needs such as a best practice or local regulation.

Compliance checks are regularly run against your cloud resources (AWS, Azure, GCP, etc.). When a resource is found out of compliance, an alert is sent to the appropriate personnel. The screenshot below shows several alerts for issues that are potentially out of compliance with SOC 2.

Remediating and Avoiding Errors

Keep in mind, cloud management platforms like TRiA are a remediation tool. If something is misconfigured, they can limit your exposure by alerting you to the problem. Time-to-remediation can make a difference to organizations like the OCR, which is responsible for overseeing HIPAA enforcement, so this is no small benefit.

However, prevention requires staffing up to avoid those errors in the first place. Staff up either by increasing your focus on recruitment in this area or working with a partner like Connectria that can help you close the IT skills gap in your organization.

Contact us for more information and get a 14-day free trial of TRiA today.



Keep Reading

Prepare for the future

Tell us about your current environment and we’ll show you the best path forward.

Fast track your project. Give us a call.