Accenture News

Cost of Cybercrime Continues to Rise for Financial Services Firms

Malicious insider attacks are the most expensive and lengthy attacks to resolve NEW YORK; July 16, 2019 – The cost to address and contain cyberattacks is greater for financial services firms than for companies in any other industry and the containment costs continue to inch
/
Accenture News

Bank investments in technology not yet driving significant revenue growth: Accenture

NEW YORK (Reuters) - The $1 trillion invested by traditional banks globally over the past three years to improve their technology has not yet delivered the revenue growth that had been expected, according to an Accenture report released on Thursday. The consultancy analyzed more than
/
Steve Prentice CloudTweaks

Why Certification Matters for Cloud Service Providers

Certification for Cloud Service Providers

The concept of “cloud” has become more of a norm for companies and organizations worldwide. Most now use cloud service providers (CSPs) for some part of their business, and cloud has grown from simply being an IT concern to a C-level concern. Debate continues over the varieties of cloud available, such as on-premise, hybrid, public and private, and it is an industry that according to Global Industry Analysts, Inc., will reach over $127 billion by the end of the year.

CSP Problems

Since so much data is now being stored on cloud servers, CSPs must be vigilant and proactive to ensure their clients’ vital digital property is never compromised, infected, or held for ransom. The potential for damage extends well beyond simple data loss; companies can face litigation, fines, and destruction of their reputation and brand if their cloud platform is breached.

Cloud security is a joint responsibility: organizations bear some obligation to protect their data, but so, too, do the CSPs themselves. As a result, many CSPs realize that despite the substantial technology and human expertise they have at their disposal, the threats are varied and persistent. They must seek to stay one step ahead to continue serving as a trusted technology and security advisor to their clients. This is when certification can make a big difference.

While there are many compliance certifications that CSPs maintain, having certified cloud security professionals on staff, and also having them as third-party contractors, provides an opportunity for CSPs to bolster their reputation and expertise. This is especially useful when customers have reservations about cloud computing. Cloud security certification confers credibility and helps reassure the customer of a CSP’s status as a trusted technology and security advisor in the cloud.

The Power of the CCSP Designation

Certification for Cloud Service Providers 

The CCSP (Certified Cloud Security Professional) designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

Why should anyone pursue such a designation, and why should CSPs or their clients care about it?

As highly trained experts, CCSPs work either within an organization or as external contractors. Their role is to stay ahead of the trends, threats, and other developments that the often-overtaxed members of an internal IT team have little time to review. These include:

  • Assessing the viability and security of APIs
  • Detecting compromised credentials, poor password hygiene and insufficient authentication, including one-off activities like forgetting to de-activate the credentials of people who have left the project or company.
  • Incorporation of multifactor authentication
  • Assessing the CSP’s security around the identity platform
  • Evaluating the potential for a cloud application to be used as an attack launchpad
  • Scanning for vulnerabilities and bugs
  • Scanning for sabotage or people acting as weak links
  • Training and consulting on employee awareness against phishing and other forms of external attack
  • Training employees on the use of BYOD devices

CCSPs assist with software and patches, vulnerability testing, auditing and training/awareness programs based on the most up-to-date knowledge. They are also well-versed in discussing strategy, planning and crisis management with people outside the IT department, specifically the executive.

The Need for Constantly Updated Risk Awareness and Mitigation

Attacks come from every type of connection point; not just cloud, but every other type of technology that touches a company, such as SaaS services, BYOD devices, even phishing emails. According to some experts, more than 400,000 new malware instances are recognized daily.

Cloud service providers must be able to protect themselves as well as their customers, while simultaneously staying competitive, through innovation, scalability, and reliability. Much like a physician who must stay healthy while supporting the health of her patients, CSPs must be constantly on guard for threats and must stay permanently up-to-date. They must use tools and configurations that are very different from those that they give to their customers, for example, the technologies and protocols specific to hypervisor environments, which must remain isolated from their customers’ own structure.

CCSPs must also ensure their clients keep tabs on cloud security challenges that happen on an individual level, for example, when employees either choose or unwittingly start to use convenient commercial “DropBox-style” cloud storage providers or even infected USB drives. When they use these technologies, employees inevitably lead their companies into situations of heightened vulnerability by circumventing established security protocols.

The Need to Constantly Deliver Proof of Security

Ultimately, cloud service providers must satisfy the customer’s concerns around a range of issues. These include transparency regarding where the data resides and how it is being protected; proof of a CSP’s ability to protect that data; proof of experience and up-to-date capability, and a guarantee of available resources and expertise.

CCSPs give cloud service providers the capacity to build, operate, and demonstrate a security policy that can be proactive, and which is also able to react with great speed, accuracy, and completeness.

The CCSP allows the cloud service provider to remain a trusted advisor and a trusted repository of their customers’ vital data, prosperity and reputation.

Sponsored series by (ISC)². For information on CCSP, check out this infographic or visit the (ISC)² website at www.isc2.org/ccsp.  

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Object Storage for Your Backups

Don’t be held hostage by Ransomware: 7 Prevention Tips

Ransomware Prevention Tips Ransomware can bring your business to its knees. Whether it comes as a system- or network-wide infection, it can do a severe ...
Mitigating the Downtime Risks of Virtualization

Mitigating the Downtime Risks of Virtualization

Mitigating the Downtime Risks Nearly every IT professional dreads unplanned downtime. Depending on which systems are hit, it can mean angry communications from employees and ...
Numeraire Cryptocurrency

Digital Cashless Society: Dystopian Nightmares or Utopian Dreams

Digital Cashless Society A truly digital cashless society was long the realm of dystopian nightmares (or utopian dreams depending on how you look at it), ...
Cloud Monitoring and Data Performance Services

Cloud Monitoring and Data Performance Services

CLOUD PERFORMANCE MONITORING Monitoring and evaluation in cloud computing are essential processes. They determine whether a company’s applications on the cloud are effective, safe, and efficient ...
MIT tech review

A new microchip aims to stump hackers with a constantly moving target

/
Morpheus repeatedly changes key parts of its code to foil cyberattacks Last year’s revelations of security holes that affect billions of chips have spurred researchers to seek more effective ways ...
NYT

Elon Musk wants to reach your brain

/
An implant that can be inserted into the brain is just some of the technology Elon Musk-backed company Neuralink plans to create. In a first, the company publicly revealed some ...
Cisco News

Should governments pay extortion payments after a ransomware attack?

/
When it comes to ransomware attacks this year, it’s been a tale of three cities. In May, the city of Baltimore suffered a massive ransomware attack that took many of its systems ...

Cloud Community Supporters

ISC2
Amazon
Ring Central
CA Technologies
Cisco

Community support comes from comic licensing, sponsorship, service opportunities and collaborative network partnership initiatives.