Certification scheme launched for cloud security
April 23, 2015
ISC² and the Cloud Security Alliance announced at this week’s RSA Conference in San Francisco the Certified Cloud Security Professional (CCSP) certification. The CCSP represents the skills required to secure the cloud, while establishing an international standard for professional-level knowledge in the design, implementation and management of cloud environments.
The two organisations developed the CCSP to meet a market need to ensure that cloud security professionals have the required knowledge, skills and abilities to audit, assess and secure cloud infrastructures. It complements and builds on existing certifications and education programmes, including ISC²’s Certified Information Systems Security Professional (CISSP) and CSA’s Certificate of Cloud Security Knowledge (CCSK).
The CCSK provides an indicator of baseline cloud security knowledge appropriate for almost any IT position. The CCSP credential builds on many of the areas covered by CCSK to provide deeper knowledge derived from hands-on information security and cloud computing experience. It validates practical know-how skills applicable to those professionals whose day-to-day responsibilities involve cloud security architecture, design, operations and service orchestration. The CCSP credential is intended for professionals who are heavily involved in cloud security via roles that are accountable for protecting enterprise architectures.
“It’s essential to have qualified IT professionals who understand how cloud services need to be securely implemented and managed within their organisations,” sais David Shearer, executive director at ISC². “We are pleased to collaborate with the distinguished Cloud Security Alliance to build this unique credential that combines the collective experience and research of both organisations and establishes a new benchmark for advanced cloud security knowledge and competence.”
According to the 2015 ISC² Global Information Security Workforce Study, 73 per cent of nearly 14,000 respondents believe that cloud computing will require information security professionals to develop new skills. Cloud computing was also identified as the top area of information security with growing demand for education and training within the next three years.
“Many enterprises have told us that cloud computing is becoming their primary IT system,” said Jim Reavis, CEO for the CSA. “An effective cloud security strategy and architecture adds several nuances to traditional security best practices, which is why it’s critical to accelerate efforts to address the cloud security skills gap. CCSP helps to set the highest standard for cloud security expertise. The programme we have developed with ISC2 creates strong incentives for information security professionals to obtain both the CCSK and CCSP, which will create a workforce of experts who possess a mastery of the broadest cloud security body of knowledge.”
To attain CCSP, applicants must have a minimum of five years of experience in IT, of which three must be in information security and one year in cloud computing. All candidates must be able to demonstrate capabilities in each of the six CBK domains: architectural concepts and design requirements; cloud data security; cloud platform and infrastructure security; cloud application security; operations; and legal and compliance.
The CCSP exam will be available at Pearson VUE testing centres worldwide from July this year. Training seminars begin in June in the USA.
Formed in 1989, ISC² claims to be the largest not-for-profit membership body of certified information and software security professionals worldwide, with over 100,000 members in more than 160 countries.