Advancing Digital Transformation with Talent Upskilling

In recent years, digital transformation and modernization initiatives have gained a significant uptick across industries as part of their efforts to remain viable in an increasingly saturated market.

According to F5's latest State of Application Services (SOAS) report, which surveyed nearly 2,600 respondents globally (with 1,300 respondents in Asia Pacific), four out of five organizations in Asia Pacific have reported the integration of digital strategies as part of their plans to increase productivity, boost efficiencies, and enhance customer experiences. These strategies can easily range from adopting IoT devices and networks, implementing internal and external-facing applications for business automation, all the way to moving their entire infrastructure to the cloud.

But as organizations begin to adopt digital services and form far more complex environments with higher traffic data, their attack surface widens substantially. Such challenges are still pertinent due to the talent shortage faced by the security industry today, with findings from the SOAS report revealing that 76 percent of organizations carry a security skills gap, with more than half (53 percent) attributing it to the indiscipline of protecting their applications from attack and breach.

As a further indicator of such estimates, the (ISC)2 2019 Cybersecurity Workforce Study also reported that there are currently more than 2 million unfilled vacancies in the cybersecurity sector in Asia Pacific. And while the short and obvious solution to closing this skills gap would be for organizations to invest more in outsourcing the right talent, the skills they carry may also risk becoming inadmissible as technology advances, making such efforts unsustainable.

So, there lies the question – how can we best approach this security skills shortage and turn it into an opportunity?

Building a robust technology ecosystem through collaboration

India currently faces a severe shortage of well-trained, skilled workers – it is estimated that only 2.3% of its workforce has undergone formal skill training, making large sections of the educated workforce largely unemployable. Launched in February 2018 at Hyderabad by Prime Minister Narendra Modi, the Future Skills PRIME (Programme for Reskilling/Upskilling of IT Manpower for Employability) initiative aims to reskill the IT industry workforce in emerging technologies and job roles such as artificial intelligence, cybersecurity and blockchain.

But as the search for IT talents continues to rise, a more comprehensive and collaborative approach needs to be taken. Rather than placing full reliance on our country’s Digital India plans, both the government and organizations must take proactive measures together to develop an effective and sustainable security strategy.

The Indian government and major private players are working together at multiple levels to boost cybersecurity across India. For example, Microsoft set up the Cyber Security Engagement Centre to strengthen the cooperation with Indian businesses, government and academic organizations on cybersecurity, and increase its contribution towards securing Indian computer and internet users from cybercrime threats. To address the security skills gap, similar measures of fostering strong collaboration between the government and organizations should also be put into place as both parties work toward a shared goal of driving innovation.

DevSecOps to the rescue

As organizations move their legacy applications to the cloud as part of their digital transformation efforts, implementing a DevSecOps approach can also play a part in bridging the security skills gap. In fact, a Gartner survey reports that 80 percent of development teams will be incorporating DevSecOps approaches by 2021, up from 15 percent in 2017. With DevSecOps, security now becomes a shared responsibility across software development and IT operations teams – with an end goal of deploying faster, more efficient, and secure software.

This integrative and collaborative nature of DevSecOps will allow security teams that once worked in silos to enable developers to adopt security controls that automate security into the pipeline, and ultimately lessen the demands and pressures faced by organizations from the current security skills shortage.

As technology becomes the linchpin for the economy, organizations need to generate sustainable opportunities and initiatives to help ride this growth. Rather than adopting a passive mindset and placing reliance on government efforts, organizations should also play a role in bridging the current security talent deficit. With the right tools in place, the possibilities to establish a talent pipeline that progresses just as fast the industry are endless.

Edgar Dias
Managing Director India & SAARC F5 networks