New Cloud Security Certification In A Maturing Industry

New Cloud Security Certification

Cloud security certification is getting a new dimension. At the RSA conference earlier this month the Cloud Security Alliance (CSA) and (ISC)² announced a new cloud security certification: Certified Cloud Security Professional, or CCSP for short.

(ISC)² is most famous for its flagship certification: Certified Information Systems Security Professional or CISSP. More than 100,000 professionals maintain this certification and it is widely recognized. The Cloud Security Alliance pioneered the cloud security field a few years ago, and runs the CCSK (Certificate of Cloud Security Knowledge) programme.

cloud-security-certification

The CCSP body of knowledge covers 6 domains:

  • Architectural Concepts and Design Requirements
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Operations
  • Legal and Compliance

CCSP is supposed to be a more extensive certification than CCSK. It has a more formal exam and a requirement for five years in IT of which three years must be spent in security and one year in cloud computing. On top of that, similar to CISSP, there is a requirement to uphold the certification by earning CPE (continuing professional education) points.

It is a sign of a maturing industry that these two forces are combining their best practices. Cloud computing has left the pioneering stage, and there are currently multiple cloud providers that count their yearly revenue in the billions of dollars.

jim-reavisMany enterprises have told us that cloud computing is becoming their primary IT system,” says Jim Reavis, CEO of the Cloud Security Alliance. “An effective cloud security strategy and architecture adds several nuances to traditional security best practices; which is why it’s critical to accelerate efforts to address the cloud security skills gap. CCSP helps to set the highest standard for cloud security expertise. The program we have developed with (ISC)² creates strong incentives for information security professionals to obtain both the CCSK and CCSP, which will create a workforce of experts who possess a mastery of the broadest cloud security body of knowledge.”

While (ISC)² coming to the game underlines the relevance and maturity of cloud security, there will be some questions left for people who either have or are pursuing CCSK certification. (Disclaimer: I am an active CCSK trainer, and I wrote one of the chapters of the CCSP study guide.)

According to the founding fathers of CCSP, both certifications will co-exist. The (ISC)² website states: “The typical cloud security professional will likely achieve the CCSK first, and then the CCSP credential. Attainment of the CCSK can also be substituted for the one year of cloud security experience

Other text on the website suggests that CCSK can be seen as somewhat of a broad base, on top of which CCSP is built as a more extensive certification. However, in my experience as a CCSK trainer, even though CCSK is a good introduction into cloud security, it is not shallow. It takes a few days of dedicated training and study to pass the exam.

 

So is there any sense in still going for CCSK, or should you wait for CCSP to become available? To answer that question you first need to consider why you would want to take the training and the certification. If you want to collect badges, you might want to attain both certifications. If you need to address cloud security in your job right now, it makes sense to do CCSK soon. Participants in my CCSK training report that it helps them now in their day jobs, even more so if they take it as a team. Looking at the CCSP release schedules gives the impression that general availability of training is still at least months away. On the other hand, if you are already very knowledgeable and experienced in cloud and cloud security, CCSK may not add much to your current business value other than public recognition.

By Peter Hj van Eijk

Drew Firment
Here’s How to Make Sure Your Skills are Cloud Ready This year will be a period of meteoric growth for the cloud industry. Research from Gartner suggests that global spending on public cloud services in ...
Louis
Why Services CPQ Is Too Slow Today When PS organizations compete in sales cycles, the first competitor to have a complete quote with accurate pricing, schedules, and an engagement plan will often win. However, getting ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...
Jen
VoIP and PBX Phone Systems The cloud is already providing businesses with such a range of advanced tools and services, optimizing communication across channels, improving global cooperation, and supporting collaboration between teammates and partners both ...
Martin Mendelsohn
The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.