The role of IT has evolved massively in recent times. It was once deemed as a back office function, a department existing simply to keep the real money making teams, such as sales and marketing, operational. There wasn't an obvious correlation between IT spending and revenue. Today, businesses are operating in a very different environment. The rapid adoption of cloud computing, big data and other data-heavy functions means that quantity and quality of information is now seen as a competitive advantage. The speed at which vital actionable information can be extracted from large data sets drives innovation, decision making and business growth, and IT is vital to the process.
Businesses are facing a twofold challenge. Firstly, how to view, process and analyse data in an effective way. Secondly, how to defend it against the ever-evolving cyber-threat. Overcoming these hurdles requires an evolution of the common IT department skillset, and many businesses are finding themselves underequipped. Imagine a lower league team building a squad after years in the bottom divisions to then suddenly find themselves playing in the Premier League, there's going to be a skill disparity. If businesses don't address the widening skills gap, the risk to enterprise data will only increase as more sensitive information and critical functions are migrated to the cloud.
Here are five skills that businesses will need IT to master to keep sensitive data secure:
1. Incident response management
It's almost a certainty that a company will fall victim to a cyber-attack or data breach. However, the examples that make the headlines are often companies that didn't have a comprehensive incident response plan in place. Knowing how to react to an event is essential to minimising damage and IT plays a leading role in creating the plan. IT teams understand where the most sensitive data resides and the servers that are most vulnerable; therefore, IT must be able to collaborate with other teams effectively, to assign specific tasks to individuals and run practice drills.
Furthermore, a good IT team never stops learning. It's one thing to learn from your own mistakes, but with data breaches it's better to learn from others'. This means examining the worst examples as well as the best ones.
2. Communication with non-IT departments and executives
There needs to be a constant flow of communication between IT and the other teams. This means that individuals must know how to tone down technical jargon when speaking to executives in other fields. While planning the incident response, for example, it's no good telling someone in marketing or accounting their responsibilities if they don't fully understand what's being asked of them.
3. Analysis expertise with very large datasets
Data is useless without the skills to analyse it. As companies look to their data to drive performance, the need to employ a ‘data scientist' is becoming paramount.
Data scientists need a solid understanding of database management and the scripting languages to query data. They must also possess the capability to use open source technologies, such as Hadoop and its processing system, MapReduce, for data processing. Whether a business operates its own software clusters within a data centre, or uses big data solutions from cloud providers such as Amazon, the ability to use these tools to manipulate and understand data will only become more important.
4. Ability to write code and application development experience
While most IT and IT security professionals aren't required to be full stack developers, it's important to understand some level of programming and be able to write scripts as needed. Even basic programming courses can empower teams to patch small vulnerabilities, meaning companies aren't left at the mercy of external developers' schedules should a quick fix be required.
5. Security certifications
Investment in cyber-security continues to increase, with global spending reaching US$ 108 billion (£81 billion) by 2019, according to Gartner. It's big business, so it's no great surprise to see more people choosing it as a career path. This means individuals are having to do more to stand out from the crowd and make their way onto the security teams of the largest organisations. Certification such as becoming a ‘Certified Information Systems Security Professional' (CISSP) can go a long way in proving credentials as it demonstrates a dedication to the field.
Ultimately, if IT is expected to drive innovation and growth, it requires individuals with the relevant abilities. IT managers may already be complaining about the lack of skills within their teams, but the situation is only going to be exacerbated if the required steps aren't taken now.
Contributed by Nigel Hawthorn, chief European spokesperson, Skyhigh Networks