Peter HJ van Eijk

New Cloud Security Certification In A Maturing Industry

New Cloud Security Certification

Cloud security certification is getting a new dimension. At the RSA conference earlier this month the Cloud Security Alliance (CSA) and (ISC)² announced a new cloud security certification: Certified Cloud Security Professional, or CCSP for short.

(ISC)² is most famous for its flagship certification: Certified Information Systems Security Professional or CISSP. More than 100,000 professionals maintain this certification and it is widely recognized. The Cloud Security Alliance pioneered the cloud security field a few years ago, and runs the CCSK (Certificate of Cloud Security Knowledge) programme.

cloud-security-certification

The CCSP body of knowledge covers 6 domains:

  • Architectural Concepts and Design Requirements
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Operations
  • Legal and Compliance

CCSP is supposed to be a more extensive certification than CCSK. It has a more formal exam and a requirement for five years in IT of which three years must be spent in security and one year in cloud computing. On top of that, similar to CISSP, there is a requirement to uphold the certification by earning CPE (continuing professional education) points.

It is a sign of a maturing industry that these two forces are combining their best practices. Cloud computing has left the pioneering stage, and there are currently multiple cloud providers that count their yearly revenue in the billions of dollars.

jim-reavisMany enterprises have told us that cloud computing is becoming their primary IT system,” says Jim Reavis, CEO of the Cloud Security Alliance. “An effective cloud security strategy and architecture adds several nuances to traditional security best practices; which is why it’s critical to accelerate efforts to address the cloud security skills gap. CCSP helps to set the highest standard for cloud security expertise. The program we have developed with (ISC)² creates strong incentives for information security professionals to obtain both the CCSK and CCSP, which will create a workforce of experts who possess a mastery of the broadest cloud security body of knowledge.”

While (ISC)² coming to the game underlines the relevance and maturity of cloud security, there will be some questions left for people who either have or are pursuing CCSK certification. (Disclaimer: I am an active CCSK trainer, and I wrote one of the chapters of the CCSP study guide.)

According to the founding fathers of CCSP, both certifications will co-exist. The (ISC)² website states: “The typical cloud security professional will likely achieve the CCSK first, and then the CCSP credential. Attainment of the CCSK can also be substituted for the one year of cloud security experience

Other text on the website suggests that CCSK can be seen as somewhat of a broad base, on top of which CCSP is built as a more extensive certification. However, in my experience as a CCSK trainer, even though CCSK is a good introduction into cloud security, it is not shallow. It takes a few days of dedicated training and study to pass the exam.

cloud_57

So is there any sense in still going for CCSK, or should you wait for CCSP to become available? To answer that question you first need to consider why you would want to take the training and the certification. If you want to collect badges, you might want to attain both certifications. If you need to address cloud security in your job right now, it makes sense to do CCSK soon. Participants in my CCSK training report that it helps them now in their day jobs, even more so if they take it as a team. Looking at the CCSP release schedules gives the impression that general availability of training is still at least months away. On the other hand, if you are already very knowledgeable and experienced in cloud and cloud security, CCSK may not add much to your current business value other than public recognition.

By Peter Hj van Eijk

Peter HJ van Eijk

Peter HJ van Eijk develops and delivers cloud computing training programs. He has delivered these programs dozens of times in the US, Europe, Middle-East and Asia to a wide variety of participants.

He has worked for Deloitte Consulting, IT supplier EDS, internet providers, and at the University of Twente, where he received his PhD in 1988. He is a board member of the Dutch Cloud Security Alliance Chapter.

Peter is a certified trainer for CSA Certificate of Cloud Security Knowledge (CCSK), CompTIA Cloud Essentials, Virtualization Essentials and Cloud Technology Associate. He wrote these courses or contributed to them.

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

The Multi-cloud Landscape The digital universe is expanding rapidly, and cloud computing is building the foundation for almost infinite use cases and applications. Hence, it’s not surprising that of the Fortune 50 enterprises, 48 have ...
Design + Cloud + 3D Printing = Real Objects Anywhere

Design + Cloud + 3D Printing = Real Objects Anywhere

Design + Cloud + 3D Printing Got an idea for a new gadget or do you need a unique part? Just reach out to Staples and they will print out the physical object and ship ...
Safeguarding Data Before Disaster Strikes

Safeguarding Data Before Disaster Strikes

Safeguarding Data  Online data backup is one of the best methods for businesses of all sizes to replicate their data and protect against data loss in the event of an IT outage or security incident ...
Understanding Cloud Pricing Models

Trends in MarTech to Look Out for This Year

Trends in MarTech Marketing technology, or MarTech, has come a long way with a landscape that is steadily growing. In 2016, the MarTech landscape has nearly doubled in size, with no signs of stopping. The ...
Data Visualization 101: How, What, Why?

Data Visualization 101: How, What, Why?

Data Visualization 101 “A picture is worth a thousand words.” This old, English idiom could not ring more true than in today’s fast-paced, digital age – the big data age. At a time when we ...
The Lighter Side Of The Cloud - Snowball Effect
The Lighter Side Of The Cloud - The Backup Reminder
The Lighter Side Of The Cloud - The Apple Watch
The Lighter Side Of The Cloud - Turmoil
The Lighter Side Of The Cloud - Machine Learning
The Lighter Side Of The Cloud - Day 5
The Lighter Side Of The Cloud - Without A Signal
The Lighter Side Of The Cloud - Virtual Office Space
The Lighter Side Of The Cloud - The Money Grab

CLOUDBUZZ NEWS

Scale your Windows Azure application

Azure the cloud for all – highlights from Microsoft BUILD 2018

Last week, the Microsoft Build conference brought developers lots of innovation and was action packed with in-depth sessions. During the event, my discussions in the halls ranged from containers to dev tools, IoT to Azure ...
Artificial Intelligence to Add US$182 Billion to UAE Economy by 2035, Accenture Research Shows

Artificial Intelligence to Add US$182 Billion to UAE Economy by 2035, Accenture Research Shows

Financial services, healthcare, and transport and storage industries likely to see the biggest gains DUBAI, United Arab Emirates; May 21, 2018 – Artificial intelligence (AI) has the potential to boost economic growth in the United ...
Worldwide Services Revenue Posts Steady Year-Over-Year Growth in the Second Half of 2017, According to IDC

Worldwide Services Revenue Posts Steady Year-Over-Year Growth in the Second Half of 2017, According to IDC

FRAMINGHAM, Mass. May 15, 2018 – Worldwide revenues for IT Services and Business Services totaled $502 billion in the second half of 2017 (2H17), an increase of 3.6% year over year (in constant currency), according to ...