Security skeptics still dismiss cloud computing as unreliable and insecure -- but ready or not, it's catching on If you’re among the skeptics who dismiss cloud computing as a mere buzzword, take heed: Major organizations have already started their transition into the cloud. If you work in the IT field, you’d best prepare, as your very career could be at stake.Critics of the cloud maintain it’s not sufficiently secure or reliable to truly become a major platform. What they don’t get is that their CEO gets cloud computing in a big way: It’s cheaper, and the bottom line rules the day for your average CEO, especially during a slow economic recovery. Your company sells widgets (or whatever) for a living. That’s the reason for its existence. Your company didn’t want a six-foot-high matrix of hardware sitting in air-conditioned, raised-floored, supercomputer room with a staff of a half-dozen people to manage each major app.[ Master your security with InfoWorld’s interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. ]CEOs know they can get rid of all that additional IT expense, including both hardware investments and staffing costs, by outsourcing to the cloud. Over the past decade, IT jobs were outsourced to cheaper foreign lands; this time, they’re being lost to the even-cheaper Internet. Still skeptical? Consider this: Even the security-conscious U.S. government has adopted a cloud-first policy through which federal agencies are required to default to cloud-based solutions whenever a reliable, cost-effective option exists. Even the General Services Administration is getting rid of its U.S.-only data storage requirements. For those of us with decades of experience in the public sector, this represents a huge mind shift from the federal government.The move toward cloud computing will impact IT jobs significantly. For example, if you set up server hardware for a living or if your job is focused on a single application that can be moved to the cloud, you should start preparing for cloud and data center jobs. Whereas I expect network security and IT security jobs will, in general, be in as much demand as they are now, the necessary skills will change. Security pros will have to learn to embrace external locations, in that most apps are going to reside in the cloud and run in the browser. Make sure your browser troubleshooting security skills and tools are top notch.Network security specialists will probably have the easiest time during the transition, because networks are still crucial to any cloud decision. The big difference will be that the traditional DMZ (or perimeter) design is dead. There will be private clouds, public clouds, and hybrids. Employees will contact all three, and more than likely, you’ll have external customers and business partners coming into your private cloud.You’ll also have to start rethinking how to defend your organization against attackers. Traditionally, a bad guy takes over a trusted user’s computer and, through it, accesses system resources. In the future, it’s likely that intruders will have their own authenticated identities and be able to roam around the cloud and its services. It will be harder to distinguish legitimate users from miscreants, as the latter will be employing cloud authentication and originating outside the physical enterprise.You can liken it to the challenges Microsoft and Google face in providing Web-based email services. Who is and isn’t an authorized user? It’s much harder to tell when you can’t completely control the originating authentication checks.This is the last call for nonbelievers. Cloud computing is here in a big way and will affect you soon, if it hasn’t already. Bone up on your cloud architectures and cloud authentication models. There are plenty of cloud computing resources on the Internet, if you take the time to read them.This story, “Your tech career depends on preparing for the cloud,” was originally published at InfoWorld.com. Follow the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at InfoWorld.com. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe