READ detailS

Is Security-as-a-Service the solution to the UK skill shortage?

Few small-sized businesses have an in-house or a third-party cyber security expert on call, a recent survey shows.

It appears that only one in three organizations this type of expert working in their IT department, while 23 percent contract outside experts to handle security situations. But what’s truly alarming is that 55% of businesses have no access to IT security experts whatsoever.

This can have serious consequences for the security of UK businesses, both financially and in terms of reputation, by limiting their ability to answer and counteract cyber-security incidents as quickly as possible. And, as we know, responding to data breaches as soon as possible reduces costs and as well as prejudice in reputation and credibility.

Breaches identified in fewer than 100 days cost companies an average of $3.23 million, whereas those found after the 100-day mark cost $4.38 million.

Solving the UK skills shortage

IT skills shortage still tops the technology agenda. E-Skills UK, the IT sector skills council, says the industry needs about 140,000 entrants each year. Last year, there were 16,440 computer science graduates, according to the Higher Education Statistics Agency, leaving a shortfall of 120,000 per year.

And the gap widens as businesses continue to increase investments in their security operations through cloud computing adoption, driving up wages and demand for skilled security professionals. More than one third of business workloads now reside in private clouds, with a further 28 per cent being in public clouds.

To solve the skills shortage, companies have turned to in-house training programs for employees.  PricewaterhouseCoopers announced that it will hire 1,000 people for its cybersecurity consulting practice. The company also increased recruiting of new college graduates.

Another solution companies are considering is to partner with colleges offering cybersecurity programs and create internship positions inside their headquarters.

But probably one of the best long-term solutions is Security-as-a-Service. In this scenario, security is delivered as a service from the cloud, without requiring on-premises hardware.

Advantages of the SaaS model include:

  • Cost savings as the pay-as-you-go nature of SaaS means that businesses pay only for what they need without having to over-provision services or hardware needed occasionally, at times of peak demand.
  • Flexibility – as the business grows, it doesn’t need to invest in extra hardware, it can simply adjust the monthly subscription fee.
  • Easy upgrades as the cloud service provider deals with hardware and software updates, removing a significant workload from the company’s in-house IT department.
  • Resilience against disasters such as cyber-security attacks. Since the infrastructure and data are located in the cloud service provider’s datacenter, it’s easy to backup data in case something goes terribly wrong.

The global security as a service market is expected to grow with 12.63% in the following 4 years, according to Gartner.

A growing number of companies are turning to Managed Security Service Providers as an alternative to managing cybersecurity in-house. In fact, 80 percent of companies say that MSSPs are important to their overall IT security strategy.

To defend their networks from attacks amidst staff shortfalls, budget pressures and higher-risk cyber environments, security leaders are adopting managed security service providers with capabilities such as hunting, incident response and integration services. This frees in-house staff to focus on higher level risk management activities.

Although the cost for a SaaS application is often much less than for a managed service application, users pay for for special attention, maintenance and support, seamless upgrades, and the customization that MSPs can offer.