The Problem With Cloud Security Certifications

What you really need to know about Cloud Security Certifications is that they are still relatively new because the technology is still relatively new. Yes, the cloud has been around for a while, but people with advanced protection knowledge are rare because the technology changes so much as it advances. This also means that now is the time to jump in and become a pro, as you will own the space if you know it well.

Cloud Computing acts as a bridge between users and resources like servers, networks, applications, storage, and services. The services offered by Cloud technology can be divided into three broad categories, namely (1) Software as a Service (SaaS), (2) Platform as a Service (PaaS), and (3) Infrastructure as a Service (IaaS). Users can access these services from the comfort of their home computers without actually owning any additional hardware. Broader network access, elasticity, on-demand measured services, and resource pooling are some of the characteristics of Cloud Computing. However, there are a number of security and legal issues associated with Cloud Computing. Security issues may include data breach, data loss, insider threats, human errors, and multi-tenancy (data residual issues). Similarly, data protection requirements, regulatory requirements, privacy requirements, and the application of international laws are some of the core legal issues linked with Cloud Computing. Therefore, companies and organizations are always looking for experts who can rescue them from Cloud security and legal issues. In this regard, organizations give preference to people holding relevant Cloud certifications. The following are four top-rated Cloud security certifications that professionals can consider to prove the knowledge and skills required for securing the Cloud.

Certified Cloud Security Professional (CCSP)
CCSP is a globally recognized, vendor-neutral Cloud security certification offered by the International Information System Security Certification Consortium, (ISC)². CCSP is a joint venture of (ISC)² and the Cloud Security Alliance (CSA). CSA is a globally recognized organization that promotes Cloud security best practices among Cloud users, including private organizations and government institutions. CCSP holders are considered experts in securing assets, designing security measures, and managing (securing) data, applications, and Cloud infrastructure. People holding the CCSP credential can easily secure the following job positions in the industry.

  • Enterprise Architect
  • Security Architect
  • Systems Architect
  • Security Engineer
  • Security Administrator
  • Security Manager
  • Systems Engineer
CCSP Exam and Requirements
The CCSP certification requires five years of cumulative work experience in Information Technology before taking the CCSP exam. Candidates must have 3 years of work experience in Information Security and at least one year in any of the six domains of the CCSP Common Body of Knowledge (CBK). People holding the CCSK (Certificate of Cloud Security Knowledge) can get a one-year experience exemption in the Cloud security domain. The six domains included in the CBK are listed below.
1) Cloud Application Security
2) Cloud Data Security
3) Cloud Platform and Infrastructure Security
4) Architectural Requirements and Design Concepts
5) Operations
6) Legal and Compliance
The following is the new CCSP exam outline (effective from August 1, 2019). The exam questions are drawn from the aforementioned CBK domains.
Total Number of Questions: 125
Total Marks: 1,000
Passing Score: 700
Exam Duration: 4 Hours
Testing Language: English
Testing Centre: Pearson VUE
Reference: https://www.isc2.org/Certifications/CCSP

Professional Cloud Security Manager (PCS)
The PCS certification is offered by the Cloud Credential Council (CCC). CCC offers vendor-neutral certifications in the fields of Cloud Computing, Internet of Things (IoT), Big Data, and Blockchain. PCS professionals are considered capable of securing Computing services and different Cloud deployment models. The PCS certification is recommended for the following IT and Security professionals.
  • Security Engineers
  • Security Analysts
  • Security Architects
  • Cloud Computing services auditors
  • Network Engineers
  • Systems Administrators
  • IT Risk Managers
  • Audit and Compliance Managers
PCS Exam and Requirements
There is no prerequisite for taking the PCS exam other than a clear understanding of Cloud Computing and security concepts. The PCS exam is based on the following modules. CCC offers an online course that goes through all of these modules for better PCS exam preparation.
1) Security, Risks, and Governance in Cloud Computing
2) Physical and Operations Security
3) Security Management Controls in Cloud Computing
4) Advanced Cloud Security Management Practices
5) Network Security Management in the Cloud
6) Legal, Contractual, and Operational Monitoring in the Cloud
7) Business Continuity, Disaster Recovery, and Capacity/Performance Planning
The PCS test is based on the following exam pattern.
Total Number of Questions: 25
Passing Score: 65%
Exam Duration: 1.25 Hours
Exam Availability: English
Reference: https://www.cloudcredential.org/certifications/cloud/pcs/

Certified Cloud Security Specialist (CCSS)
CCSS is a Cloud training certification that can be earned by joining a 3-day intensive Cloud training program. CCSS is offered by the Global Science and Technology Forum (GSTF). GSTF started its operations in 2008, promoting Research & Development (R&D) projects, ICT training, and certifications. GSTF offers certifications in the fields of Cloud Computing, Data Science, Internet of Things (IoT), Blockchain, and Machine Learning. The following professionals can pursue the CCSS certification to enhance their skills and expertise in Cloud security.
  • Security Engineers
  • Security Architects
  • Cloud Security Auditors
  • Network Engineers
  • Systems Engineers
CCSS Training and Requirements
CCSS is a 3-day, round-the-clock, classroom-based training program that covers the security aspects of Cloud Computing. Candidates must hold one of the following certifications to participate in the CCSS training program.
1) Certified Cloud Computing Associate (CCCA) by GSTF
2) Certified Cloud Computing Specialist (CCCS) by GSTF
3) EXIN Cloud Technologies Advanced
The following is a brief overview of the security-related course content covered in CCSS training sessions. The complete course outline can be found at the official GSTF reference link.
Cloud Computing Models and Architecture
  • Quick Overview
Problems in Cloud Computing
  • Data Theft
  • Data Integrity
  • Privacy Issues
  • Infected Applications
  • Security on User and Vendor level
Cloud Security Perspectives
  • From User Perspective
  • From Service Provider Perspective
  • From Service Models Perspective
Security in Cloud Architecture Design
  • Physical Security
  • Network Security
  • Platform Security
  • Infrastructure Security
Cloud Computing Security Taxonomies
  • Types of Security Taxonomies
  • Need of Security Taxonomies
Security as a Service (SECaaS)
  • SECaaS Introduction
  • Global Forecast of Cloud Security
  • Advantages and Disadvantages
Reference: https://globalstf.org/certified-cloud-security-specialist-ccss/

Certificate of Cloud Security Knowledge (CCSK)
CCSK is proclaimed as the “mother of all Cloud Computing certifications” by the Cloud Security Alliance (CSA). It’s a vendor-neutral certification offered by CSA that validates users’ knowledge in key Cloud security departments. The following professionals are encouraged to earn the CCSK certification to be recognized as experts in Cloud security.
  • Information Security Consultant
  • Information Security Manager
  • Security Architect
  • Security Analyst
  • Security Consultant
  • Compliance Manager
CCSK Exam and Requirements
No experience is required to take the CCSK exam. CSA recommends the following two resources for CCSK exam preparation.
1) CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4
2) European Union Agency for Network and Information Security (ENISA) report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”
87% of the questions in the CCSK exam are based on CSA’s Security Guidance, while only 6% are based on the ENISA report. The remaining 7% of the questions are based on CSA’s Cloud Controls Matrix (CCM) v3.0.1. One can download these resources from CSA’s official website by requesting the download link. The exam details are listed below.
Total Number of Questions: 60
Question Type: Multiple Choice Questions (MCQs)
Exam Duration: 90 Minutes
Passing Score: 80%
Exam Type: Online
Access Link: https://ccsk.cloudsecurityalliance.org/
Reference: https://cloudsecurityalliance.org/education/ccsk/