How Security Certification Helps Cloud Service Providers Stay Transparent and Credible

Security Certification Helps Cloud Service Providers

If you are a cloud service provider (CSP), you know your customers have a choice as to who to work with, but do you know what will help tip the scales in your favor? It’s not just robust security or scalability. Much of your credibility will come from a heightened level of transparency that will resonate with the internal IT department and the C-suite.

It is a given that the concept of cloud technology has become more normalized over the past few years. Most companies now have a plan in place for migration and operation, and much of the discussion centers around which types of cloud to focus on: private, public or hybrid, and who to use as the provider. But this still requires a commitment on the part of a company to let go of its data and its processes, and hand it all over to an outside party.

Consequently, this places a requirement on the CSP to not only make good on the physical end of the deal – having a robust and secure platform to host the data – but also to remain transparent and provide solid evidence of its trustworthiness. A key point here is that robust security is not enough. There must be clear proof of this security, delivered in a fashion and frequency that will satisfy. It is not negotiable.

Part of the reasoning may stem from high-profile leaks and breaches that occur with disturbing frequency, but a major part of the concern will come from the fact that CSPs are external companies with their own rules and governance. Clients will constantly worry about a cloud provider’s ability to remain secure and reliable in all areas of its operations, and they will compare it to what they know best – their own in-house rules, regulations, and security. A CSP that fails to prove that it is equal or better than their clients’ own systems will not succeed.

The Problem with Being Focused on Security

Often a company that is a specialist in one area will inevitably lack somewhere else. It is expected that a CSP will focus intently on robust security, scalability, and accessibility, but this makes it easy for it to overlook the bedside manner that clients expect. Also branded as “customer experience” (CX), bedside manner is the art of communicating with the client and managing their customers’ expectations and worries. CSPs must be able to deliver on this.

Rich Campagna ‎the CEO of cloud security provider Bitglass. “If you compare cloud security to premises security,” he says, “often the two types of services are solving similar issues with similar technology, like encryption and data. But the big challenge and difference with cloud is that in the premises world you can stack or layer many security technologies together, which you cannot do in the cloud.” This is just one example of the types of security concerns a customer will experience, and which need to be clearly communicated by a CSP to prove they have a better, more secure method.


With security being such a multi-layered and ever-evolving challenge, it only makes sense that a cloud service provider should reach out and work with cloud security specialists whose sole purpose is to be the go-to expert and problem solver. This is precisely what a Certified Cloud Security Professional (CCSP) does.

In addition to a wealth of up-to-date technical knowledge around security issues and threats, a CCSP can also deliver strategic awareness and communications skills to the CSP’s management team. This in turn can help the CSP to communicate, strategize, and deliver to their own customers the necessary evidence of superior security and permanent transparency.

The CCSP designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

The need for such actions might seem self-evident, but as is often the case in busy, high-tech companies, the human touch goes missing due to the sheer busy-ness of the operation. What cannot be overlooked, however, is that this type of “human-touch” is not superficial feel-good verbiage. It is the tangible proof that a company’s most valuable asset – its data – is safe.

A recent report released by the Enterprise Management Association (EMA) points out that “annoyance with lack of vendor support” is a key source of disappointment among customers. It continues, “executives were not aware that the monthly or annual subscription they purchased did not include full support…[and even] customers purchasing higher-end support may still have difficulty getting access to adequate levels of hands-on expertise.” This is another example of where CSPs can “drop the ball.” The consequent disappointment felt by a nervous customer will radiate out into its sense of trust, and this has the capacity of completely destroying whatever reputation the CSP has already worked hard to build.

It may be unfair to suggest that a CSP drops a few points down the scale even when its security is already top-notch. But this is the truth of the matter. Customers must feel confident, and if the evidence of rock-solid security is not there, they won’t. Negative experiences tend to turn customers’ eyes either toward the horizon, looking for a new supplier to take care of the next stage of their cloud journey, or inwards, to bring everything back in-house.

A CCSP provides a CSP with some of the transparency and credibility skills to mitigate this risk, and ensure the relationship between CSP and customer remains as secure on the trust front as it does on the technical one.

Interested in learning more about the CCSP certification? Download the Ultimate Guide to the CCSP or visit the (ISC)² website at

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website


Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks New tools and technologies help companies in their drive to improve performance, cut costs and grow their businesses ...
Death of Traditional Enterprise Storage

Death of Traditional Enterprise Storage

Traditional Enterprise Storage Back in 2003, Chris Pinkham and Benjamin Black, two engineers working for, proposed a dramatic overhaul ...

How to Avoid Becoming Another Cloud Security Statistic

Cloud Security Statistic Last year, Gartner predicted that, by 2020, 95 percent of all cloud security failures will be caused ...
Breakthroughs in Clinical Trials Utilizing the Power of the Cloud

Breakthroughs in Clinical Trials Utilizing the Power of the Cloud

Cloud Computing and the Medical Field Clinical trials play an essential role in the drug development process by effectively demonstrating the ...
Avoiding Obsolescence In The Cloud

Avoiding Obsolescence In The Cloud

The Cloud I was amused to discover this week that Microsoft aren’t supporting Internet Explorer 8 or 9 – with ...
Predictions For The Enterprise - Interconnected Cities

Predictions For The Enterprise – Interconnected Cities

Predictions For The Enterprise The IoT will be reality In 2016, we’ll work smarter, not harder. Human beings, appliances, homes, ...


Dropbox heads for trading debut after upsized IPO pricing

Dropbox heads for trading debut after upsized IPO pricing

(Reuters) - Having topped expectations with the upsized price of its initial public offering, Dropbox Inc on Friday faces its next big challenge: a successful launch of trading when global stock markets are the defensive ...
IDC Report: Smart Cities Initiatives to Reach $28.3 Billion in 2018

IDC Report: Smart Cities Initiatives to Reach $28.3 Billion in 2018

First-ever IDC Smart Cities Spending Guide Expects Technologies Enabling Smart Cities Initiatives to Reach $28.3 Billion in 2018 SINGAPORE, March 23rd, 2018 – Asia/Pacific (excluding Japan) on the technologies that enable Smart Cities initiatives is expected ...
BMW delays electric car mass production until 2020 for cost reasons

BMW delays electric car mass production until 2020 for cost reasons

FRANKFURT (Reuters) - BMW has held back the mass rollout of electric cars until 2020 because current fourth generation electric car technology is not profitable enough for volume production, Chief Executive Harald Krueger said. “We ...
Rackspace Extends Managed Security to Google Cloud Platform

Rackspace Extends Managed Security to Google Cloud Platform

SAN ANTONIO, March 21, 2018 (GLOBE NEWSWIRE) -- Rackspace® announced today that Managed Security and Compliance Assistance for Google Cloud Platform (GCP) is now available for preview to new and existing customers that use Rackspace Managed Services for GCP ...
Google classroom

Helping G Suite customers stay secure with new proactive phishing protections and management controls

Security tools are only effective at stopping threats if they are deployed and managed at scale, but getting everyone in your organization to adopt these tools ultimately hinges on how easy they are to use ...
Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018

Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018

By 2021, Regulatory Compliance Will Become the Prime Influencer for IoT Security Uptake Internet of Things (IoT)-based attacks are already a reality. A recent CEB, now Gartner, survey found that nearly 20 percent of organizations ...