Peter HJ van Eijk

New Cloud Security Certification In A Maturing Industry

New Cloud Security Certification

Cloud security certification is getting a new dimension. At the RSA conference earlier this month the Cloud Security Alliance (CSA) and (ISC)² announced a new cloud security certification: Certified Cloud Security Professional, or CCSP for short.

(ISC)² is most famous for its flagship certification: Certified Information Systems Security Professional or CISSP. More than 100,000 professionals maintain this certification and it is widely recognized. The Cloud Security Alliance pioneered the cloud security field a few years ago, and runs the CCSK (Certificate of Cloud Security Knowledge) programme.

cloud-security-certification

The CCSP body of knowledge covers 6 domains:

  • Architectural Concepts and Design Requirements
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Operations
  • Legal and Compliance

CCSP is supposed to be a more extensive certification than CCSK. It has a more formal exam and a requirement for five years in IT of which three years must be spent in security and one year in cloud computing. On top of that, similar to CISSP, there is a requirement to uphold the certification by earning CPE (continuing professional education) points.

It is a sign of a maturing industry that these two forces are combining their best practices. Cloud computing has left the pioneering stage, and there are currently multiple cloud providers that count their yearly revenue in the billions of dollars.

jim-reavisMany enterprises have told us that cloud computing is becoming their primary IT system,” says Jim Reavis, CEO of the Cloud Security Alliance. “An effective cloud security strategy and architecture adds several nuances to traditional security best practices; which is why it’s critical to accelerate efforts to address the cloud security skills gap. CCSP helps to set the highest standard for cloud security expertise. The program we have developed with (ISC)² creates strong incentives for information security professionals to obtain both the CCSK and CCSP, which will create a workforce of experts who possess a mastery of the broadest cloud security body of knowledge.”

While (ISC)² coming to the game underlines the relevance and maturity of cloud security, there will be some questions left for people who either have or are pursuing CCSK certification. (Disclaimer: I am an active CCSK trainer, and I wrote one of the chapters of the CCSP study guide.)

According to the founding fathers of CCSP, both certifications will co-exist. The (ISC)² website states: “The typical cloud security professional will likely achieve the CCSK first, and then the CCSP credential. Attainment of the CCSK can also be substituted for the one year of cloud security experience

Other text on the website suggests that CCSK can be seen as somewhat of a broad base, on top of which CCSP is built as a more extensive certification. However, in my experience as a CCSK trainer, even though CCSK is a good introduction into cloud security, it is not shallow. It takes a few days of dedicated training and study to pass the exam.

cloud_57

So is there any sense in still going for CCSK, or should you wait for CCSP to become available? To answer that question you first need to consider why you would want to take the training and the certification. If you want to collect badges, you might want to attain both certifications. If you need to address cloud security in your job right now, it makes sense to do CCSK soon. Participants in my CCSK training report that it helps them now in their day jobs, even more so if they take it as a team. Looking at the CCSP release schedules gives the impression that general availability of training is still at least months away. On the other hand, if you are already very knowledgeable and experienced in cloud and cloud security, CCSK may not add much to your current business value other than public recognition.

By Peter Hj van Eijk

Peter HJ van Eijk

Peter HJ van Eijk develops and delivers cloud computing training programs. He has delivered these programs dozens of times in the US, Europe, Middle-East and Asia to a wide variety of participants.

He has worked for Deloitte Consulting, IT supplier EDS, internet providers, and at the University of Twente, where he received his PhD in 1988. He is a board member of the Dutch Cloud Security Alliance Chapter.

Peter is a certified trainer for CSA Certificate of Cloud Security Knowledge (CCSK), CompTIA Cloud Essentials, Virtualization Essentials and Cloud Technology Associate. He wrote these courses or contributed to them.

CONTRIBUTORS

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, ...
5 Simple Tips to Help Avoid Ransomware

5 Simple Tips to Help Avoid Ransomware

5 Tips to Avoid Ransomware Ransomware is a particularly pernicious form of malware: unsatiated by simply using your system as ...
Malware Will Cripple Cloud And IoT Infrastructure If Not Contained

Malware Will Cripple Cloud And IoT Infrastructure If Not Contained

The Malware Cloud Concern This year we’ve had two cyber attacks in which malware was used to cripple government computer ...
What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
Cloud Computing In Education

Cybersecurity Policies Must Address Internal Threats

Cybersecurity Policies The contentious U.S. election campaign offered up many highlights, but the aftermath of election night – explosive cyberattack ...
Cyber Security Tips For Digital Collaboration

Cyber Security Tips For Digital Collaboration

Cyber Security Tips October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security ...
Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information ...
Over 100 New Ransomware Families Discovered Last Year

Over 100 New Ransomware Families Discovered Last Year

100 New Ransomware Families The world in 2016 sees a rapid rise of ransomware attacks that are increasingly targeting specific ...
Secure Business Agility

Why Information Security Need to be Empowered to Manage Data Breaches

Manage Data Breaches 2017 saw over 2 dozen major security breaches in 2017.  While the public may have grown numb to ...
3 Ways to Protect Users From Ransomware With the Cloud

3 Ways to Protect Users From Ransomware With the Cloud

Protect Users From Ransomware The threat of ransomware came into sharp focus over the course of 2016. Cybersecurity trackers have ...