Must-have Skills for Cloud Security Architects

Many organizations are moving quickly to the cloud. It’s critical that these organizations implement sound architectures to protect the enterprise from intrusions and threats.

Envisioning and implementing cloud computing security now demands a new mindset, spanning multiple disciplines. Cloud security architects, as well as other security and risk management technical professionals, have to acquire and cultivate emerging skills to ensure that they correctly select and put in place a balanced set of controls for security technologies, processes and the overall architecture. Different cloud deployments in differing environments will require a varied set of skills.

Many unknowns may arise as organizations move to the cloud. Security architects (and those aspiring to the role) must consider how to trust other people’s data centers and ensure that the architecture is safe from intrusion or attack. They need to build the right architecture to leverage new and emerging tools while maintaining needed compliance, and they have to build the necessary skills and disciplines to do these things effectively.

The role of cloud security architect has evolved from several organizational positions, such as system architect, enterprise architect or business solutions architect for security. As a result, the cloud security architect must understand the key disciplines within those roles and how they relate to the organization’s cloud security architecture. 

It’s not practical to expect security architects to try and learn everything, so they must prioritize and determine which skills will help them deliver effective security architectures. Cloud service providers and third-party vendors offer up-to-the-minute capabilities to create effective defenses. Architects will have to learn how to fulfill their cloud security requirements with these new capabilities.

The key responsibilities of the cloud security architect are based on the fundamentals of a sound cloud security strategy. Planning, owning and managing the strategy and architecture will be done in partnership with others in the cloud security team and across the enterprise to ensure security in the cloud.

Cloud security architects will also need to understand and participate in the selection of cloud security tools and controls, including existing enterprise tools that can extend into the cloud, cloud-native security controls and third-party offerings. In addition, these architects will inform the effort to plan where these tools and defenses should be deployed within the cloud security architecture.

Selecting and prioritizing what skills to learn can be clarified by describing the current relevance of the skill, its potential impact on the cloud security architecture, and the challenges in learning and applying the skill. Assess whether these skills are relevant in modern cloud security architecture and whether they align to key challenges or pain points your organization faces. Choosing skills aligned to areas of interest and organizational needs makes learning new ones more enjoyable and applicable.

Determine how these skills will improve cloud security. Knowing if a skill will improve the organization’s security posture directly or indirectly will have an impact on the architecture. Also, be aware that higher-value skills will likely be more difficult to learn from scratch, so take existing knowledge into account when reviewing the learning curve. Be sure to factor in those things that may impede the implementation of a skill into the organization and its ecosystem.

Some Gartner clients can read more in Essential Skills for Cloud Security Architects.