By Phil Won, product manager with Owl Cyber Defense
Even more difficult than getting approval for an added headcount to address your cybersecurity concerns is finding the right person to fill that hard-fought opening. There are two factors at work in this HR challenge. The first is the competition to find a cybersecurity worker and the second is to ascertain whether the worker has the right skillset and technical knowledge to meet the needs of the position.
314,000 and 1.8 million—the number of cybersecurity job openings in the US market in 2019 and the number of global cybersecurity workforce shortage projected by the year 2022, respectively. These numbers are great if you are a college student majoring in cybersecurity, but they are worrisome if you are an organization trying to protect critical assets and confidential properties (both physical and intellectual). When you put these two contrasting need and workforce trends together, the resulting gap has proven to create material deterioration in a company’s security readiness.
In the oft referenced study of the international shortage in cybersecurity skills conducted by Center for Strategic and International Studies, the solution to the skills shortage for most of the respondents was to rely on cybersecurity technology and outsourcing to experts. But even a cursory search of the available cybersecurity products and solutions reveal a bewildering number of offerings.
It is easy to get drawn to the latest and greatest shiny technology but most commercial customers want a solution that will meet their security requirements, with an affordable price, that is quick to deploy and easy to maintain—in other words, they are interested in the “Total Cost of Ownership.” Many cybersecurity solutions require specialized knowledge, training, or expert resources that already have those skillsets, which can raise the cost significantly by requiring dedicated personnel or outsourced assistance. So then you’re back to first base and smack dab into the workforce shortage that drove you to third party solutions to begin with.
Data diodes offer a category of devices that can help mitigate issues created by the cybersecurity skills shortage. They are hardware-based solutions that are unhackable in their inherent design (physically enforced, rather than enforced by software configuration or policy), which obviously makes them highly secure. As an added benefit, they do not require dedicated resources to constantly maintain and keep up to date with rule revisions and patches.
This has proven particularly helpful to industrial and CI organizations which are primarily dedicated to uptime and safety, rather than cybersecurity. Once the data diode is set up (usually within minutes) the system simply works and is usually left alone until the next patching window (for feature upgrades and optimization).
In a world of increasing numbers of unsecured connections and continuous streaming of proprietary data to the cloud, data diodes can protect your network and alleviate risks while requiring only a fraction of the cybersecurity and IT resources in comparison to commonly utilized solutions like firewalls and expensive threat analysis tools.