Frost & Sullivan and the security professional group (ISC)2 recently conducted a survey on the state of security work force. The survey’s leader says that information security professionals are too busy with their day-to-day work to devote enough time for security related work. This inability to focus on security work leaves IT security professionals unprepared for major technological changes such as cloud computing and the increasingly sophisticated spectrum of application security threats. The survey’s report states that companies are potentially endangered by this inability of IT security professionals to fully prepare themselves to deal with emerging vulnerabilities. Frost& Sullivan estimates that the number of IT security professional, current about 2.28 million, will increase to about 4.2 million in 2015.The survey shows that 34% of organizations plan to increase their spending on IT security personnel in 2011.
Perhaps unsurprisingly, application vulnerabilities show up as the most important threat to a company’s security. Over 40 percent of the survey’s respondents believe that security professionals need more training to manage application security issues. Right behind application security in importance for most companies is mobile device security.
Amazingly, about a third of respondents stated that they have no security polices to protect themselves against threats from social media. Over half of the security professionals reported that they have a private cloud in place and more than 40 percent reported using software as a service. Respondents also expressed the need for new skills to secure the new cloud based technologies. A full 85 percent of the respondents expressed concerns that they maybe exposing sensitive or confidential data to unauthorized people or systems because of their increasing reliance on cloud computing.