Companies must deal with the growing problem of the security skills gap

The rate of technology change is accelerating, but people are struggling to learn new skills fast enough to keep up

In the fast-moving world of IT, it is easy for the pace of technology change to exceed the rate at which staff can learn new skills, even among senior figures. This is particularly noticeable in the realm of data, which is growing exponentially.

Colin Fernandes has worked in IT for more than 25 years, with positions from database administrator at JP Morgan to his current EMEA product market development director at Sumo Logic. At Computing's Enterprise Security and Risk Management Live event last week, he admitted, "I sometimes feel like legacy."

"I'm learning about Kubernetes, but I'm [already] running a very large deployment. I have to learn Docker. I have to understand that my world is changing; I have to understand [everything from] on-prem to multi-cloud. Things are just thrown at people."

New technologies are prolific in many key areas: machine learning, data visibility, storage and communication are just a few. Adopting these new applications can pose a security challenge, adding complexity to the software stack.

Sumo Logic's 2018 Global Security Trends in the Cloud showed that companies worldwide face a security skills gap, with almost two-thirds (63 per cent) of staff needing broader technical expertise.

The same survey showed that companies suffer from a lack of data visibility (half of legacy tools are ineffective at providing this); legacy silos (57 per cent of companies need greater collaboration capabilities); and data overload (more than 50 per cent of staff say that they are ‘overloaded').

"Data overload...is happening now, and we have proof that that data is growing extremely fast," said Fernandes (Sumo Logic ingests about 150 petabytes of data every day). "The ratio of skills to the analysing of that data is pretty high."

"What you find that people actually do is focus on the wrong types of data - then you don't actually get the complete value of understanding your security posture, your compliance and your operational visibility around that particular service."