When Europe’s General Data Protection Regulation (GDPR) came into effect in 2018, its effects were felt around the world, including in New Zealand, where organisations had to begin thinking very carefully about how they handled customers’ data.
Now, as New Zealand works towards passing its own Privacy Bill into law, local businesses will once again find themselves reviewing their data management systems and cyber security profiles in order to comply with the new regulatory landscape that will accompany the proposed legislation once its enacted.
As with GDPR, the new compliance requirements are likely to see businesses of all sizes turning to their external IT partners to help them navigate their way through the new landscape.
Perhaps nowhere is this need more pronounced than in the area of cloud computing, which lies at the centre of many organisations’ overarching digital transformation journeys. In this context, managed services providers (MSPs) are likely to find themselves tasked with providing some level of security coverage and assurance to their customers.
Indeed, a rising threat landscape, new regulatory compliance obligations and an increasing reliance on cloud are combining to deliver MSPs a perfect storm of opportunity when it comes to covering their customers’ growing cyber security needs.
However, taking advantage of that opportunity is easier said than done.
For starters, the local industry is in the midst of a massive skills shortage that only looks set to get worse over the coming years.
“If you look at the cyber security gap, how many people we need versus how many people were actually skilling, that gap is quite catastrophic at the moment,” said Tech Research Asia industry analyst Mark Iles during Reseller News Exchange: ‘Beyond the myths: How partners can master cloud security'.
A single job search in New Zealand can return over 600 cloud-related jobs and more than 400 cyber security-related jobs, Iles told audiences in Auckland and Wellington.
His analysis suggests that, given the current rate of graduates in the broader Australia and New Zealand region, it will take at least a decade to meet the demand that the industry in the region has at present. But, 10 years from now, that demand is expected to be substantially greater.
“So we have a significant gap actually in the region in terms of security skills,” Iles said. “So my takeaway to you is: this is a great thing to say, but what the hell do you do about it?”
Iles’ tip to the local industry? Stop poaching each others’ security talent and start developing new experts in the field.
“The real challenge is that you're gonna have to train your own security people, you're going to have to put the investment in,” Iles told partners at the events in Wellington and Auckland. “If you decide that you want to do more security, you're going to have to step up in conjunction with vendors, and I'm sure they'll help.
“You're going to have to do this, you're going to have to stop poaching from each other. It's just a big Chinese puzzle. Someone's got to hire some more people at some point, someone's got to train some more people; lean on vendors, I'm sure they'd be happy to help you build up skills in technology and security.”
Iles added that although vendors are indeed helping in various ways at present, they will have to ultimately lean further into the skills play if the broader industry hopes to begin meeting the dire need of security experts in the field.
“I don't think any of us really understand the significance this has,” Iles said. “We are so under-skilled and under-resourced in security, globally. We're not immune here either.
“It's the same story in New Zealand, the same story in Australia, and the same story in Singapore's, actually. The only way we're going to get out of this is more scaling and more education,” he added.
While there are challenges, industry demand for cloud security services is such that the opportunities are worth the investment vendors and partners are going to have to put into developing the skills they need to meet and take advantage of the broader market needs, which are only going to escalate as time goes by.
“It's a great opportunity, but we're all going to have to play a role in this,” Iles said.
An emerging opportunity
Just as skills is a problem that presents an opportunity for partners, so does the evolving regulatory landscape, with data privacy becoming an increasingly policed realm for organisations of all sizes.
Drawing upon Australia, whose data breach notification regime was passed into law in 2017 and came into effect in 2018, as an example, Iles pointed out that once the mandatory regulation came into effect, the country saw a rapid and substantial spike in reported data breaches.
Read more on the next page...