Essential Guide

Enterprise cloud security best practices for locking down your cloud

A comprehensive collection of articles, videos and more, hand-picked by our editors

SearchCloudSecurity's Cloud computing security certification guide

Certification expert Ed Tittel examines the growing number of cloud computing security certifications, both vendor-neutral and vendor-specific.

Cloud computing continues to be a hot-button topic for companies looking to reduce the total cost of ownership for server and end-user computers while offering automated expansion of computing capacity and better management of virtualized environments. Information security is equally a hot topic, what with numerous well-publicized security breaches among corporations, universities and government agencies weighing on IT professionals and C-level executives alike nowadays.

At the intersection of these two popular IT topics lies the emerging field of cloud computing security certifications. As an increasing number of information security and IT operations professionals shift their careers toward cloud computing security, a small but growing number of certifications have emerged in the cloud computing area of infosec, divided between vendor-specific certifications and vendor-neutral certifications.

This guide, an addendum to SearchSecurity's IT security certifications guide, examines the available cloud security certifications that can translate to better career opportunities -- and a higher salary -- for you as cloud security best practices and certifications continue to expand and mature.

| Cloud certification | Vendor-specific | Vendor-neutral |
|---|---|---|
| Certificate of Cloud Security Knowledge (CCSK) | | X |
| Certified Cloud Security Specialist (CCSS) | | X |
| EXIN Certified Integrator Secure Cloud Services (CISCS) | X | |
| Symantec Certified Professional-Cloud Security (SCP-CS) | X | |
| VMware Certified Advanced Professional-Cloud Infrastructure Design (VCAP-CID) | X | |
| CA AppLogic Certified Cloud Architect (CA-ACCA) | X | |
| IBM Certified Solution Architect-Cloud Computing Infrastructure (CSA-CCI) | X | |
| Certified Technical Architect (SCTA) | X | |

Cloud security certifications (sorted alphabetically)

CA AppLogic Certified Cloud Architect (CA-ACCA)
Certification level: Advanced
Certification type: Vendor-specific

The CA-ACCA is targeted at system architects and cloud administrators who want to learn in-depth topics related to configuring and managing the CA AppLogic cloud platform. Though cloud security is a significant portion of the material covered by this certification, the CA-ACCA offers a comprehensive look at all aspects of cloud infrastructure and architecture. If your company uses or is considering use of the AppLogic cloud platform, the CA-ACCA certification is considered a must-have advanced certification for those responsible for architecting cloud implementations using AppLogic. CA's AppLogic group, formed in 2010 following CA's acquisition of 3Tera, also offers self-paced online training as well as instructor-led training via CA education partners or on-site training conducted by CA engineers and instructors.

Source: Certification from CA Technologies for CA AppLogic

Certificate of Cloud Security Knowledge (CCSK)
Certification level: Foundational
Certification type: Vendor-neutral

The CCSK certification was established by the Cloud Security Alliance as a foundation of cloud security knowledge for newcomers to the cloud computing arena. The CCSK provides a solid foundation of essential cloud security knowledge as well as best practices gleaned from those who have blazed this trail before you. What better way to learn what to do than by learning what you should NOT do in the cloud? All kidding aside, the specificity of the exam, and the fact that it is designed and taught by some of the industry's leading cloud security experts, indicate that the CCSK is already becoming the industry's foremost vendor-neutral cloud security certification. Note that the CCSK certification is available in both English and Spanish.

Editor's note: SearchCloudSecurity has partnered with the Cloud Security Alliance to offer our members nine free online classes to prepare for the CCSK exam.

Source: CSA Education -- CCSK

Certified Cloud Security Specialist (CCSS)
Certification level: Foundational
Certification type: Vendor-neutral

The CCSS certification offered by Arcitura subsidiary includes excellent foundational knowledge of cloud technologies as well as three modules specifically covering cloud security content. Arcitura/ offers self-study kits through its website as well as instructor-led training classes for most of the required CCSS modules. In order to successfully acquire the CCSS certification, each candidate must successfully pass five exams:

  • Fundamental Cloud Computing
  • Cloud Technology Concepts
  • Fundamental Cloud Security
  • Advanced Cloud Security
  • Cloud Security Lab

The required CCSS training courses are available now, but testing for the CCSS is still under development. When finalized and commercially available (a new exam is expected in fall 2013), CCSS testing will be conducted by Prometric.

Source: Certified Cloud Security Specialist

EXIN Certified Integrator Secure Cloud Services (CISCS)
Certification level: Foundational
Certification type: Vendor-neutral

CISCS certification from EXIN is not purely dedicated to cloud security, though it does offer a well-rounded foundational overview of cloud concepts and relevant infosec topics. The advantage to this approach is that participants learn not only cloud security concepts and best practices, but they also learn how cloud security fits into an overall cloud strategy. CISCS certification consists of three modules that must be mastered in order to pass the certification exam:

  • IT Service Management and ITIL
  • Information Security
  • Cloud Computing

EXIN offers CISCS testing through both Prometric and Pearson VUE exam centers.

Source: EXIN Certified Integrator Secure Cloud Services

IBM Certified Solution Architect-Cloud Computing Infrastructure (CSA-CCI)
Certification level: Advanced
Certification type: Vendor-specific

The IBM CSA-CCI certification track requires mastery of the following cloud-related principles:

  • Cloud computing basics
  • IBM Cloud Computing principles
  • IBM Cloud Computing design concepts
  • Implementing IBM Cloud Computing
  • Types of clouds and as-a-service offerings
  • Cloud infrastructure technologies, including cloud security
  • Addressing security in a cloud computing environment
  • Knowledge of the IBM Cloud Computing offerings, including provisioning, storage, security, monitoring and hypervisors

Not surprisingly, this certification makes the most sense for security pros who are (or need to be) versed in cloud security built on IBM infrastructure. Those seeking this certification must be adequately versed in how products from Big Blue's Tivoli, WebSphere and CloudBurst brands not only facilitate enterprise cloud computing, but can also be used to secure it.

Source: IBM Professional Certification Program

Certified Technical Architect (SCTA)
Certification level: Advanced
Certification type: Vendor-specific

is one of the pioneers of cloud computing, specifically the Software as a Service (SaaS) movement. The SCTA certification is geared toward architects and designers who want to certify their knowledge and expertise for designing scalable and secure applications on the cloud platform. In order to pass the SCTA exam, participants must demonstrate mastery of cloud application design principles, application-level security considerations (to ensure secure communications between and third-party apps) and best practices for deploying applications via Obviously, this is a highly specific certification and best for individuals whose organizations either have invested heavily in, or those who intend to specialize in implementing and securing infrastructures.

Source: Certification Architects Track

Symantec Certified Professional-Cloud Security (SCP-CS)
Certification level: Intermediate
Certification type: Vendor-specific

Symantec Corp. has always offered standalone, product-centric certifications, but several years ago Symantec recognized the market need for a multidiscipline certification track. As a result, the SCP certification program was established in July 2012 to offer certifications that span multiple Symantec products across an expanded area of expertise that now includes cloud concepts. The SCP-CS certification was developed in a partnership between Symantec and the Cloud Security Alliance as an intermediate-level certification that concentrates on security concerns within cloud computing environments.

Symantec has been around for more than two decades and today engages in a number of IT security disciplines. Cloud security topics covered by this certification include design, deployment and management of cloud computing resources. Symantec stresses in this certification that cloud security is an important aspect of cloud computing that must be included as a discussion point in every step of the cloud migration or integration process. It is not acceptable, according to Symantec, to wait until deploying a cloud environment to start thinking about cloud security; security should be the overriding concern from the beginning of the cloud planning process, and that emphasis should carry through to the implementation and management phases of all cloud computing projects. To achieve this level of certification, candidates must provide proof of passing the CCSK exam mentioned above, pass the SCP technical exam and accept the Symantec Certification Agreement.

Source: Symantec Certified Professional (SCP) Exam 850-001: Cloud Security 1.0

VMware Certified Advanced Professional-Cloud Infrastructure Design (VCAP-CID)
Certification level: Intermediate
Certification type: Vendor-specific

VMware has become a leading provider of software for cloud computing infrastructure, virtual desktops and cloud management. Its early entry into cloud computing software gives VMware a corresponding head start in the vendor-specific cloud certification market. The VCAP-CID certification includes best practices for cloud design considerations, security, metering, compliance and availability. Note that there are other variants of the VMware Certified Advanced Professional certification that might also be beneficial to the aspiring -- or even the experienced -- cloud computing professional.

Source: VMware Certified Advanced Professional-Cloud Infrastructure Design (VCAP-CID)

Coming attractions

Considering the growing emphasis on the security aspects of public and private cloud computing, there are several cloud-security-related certifications that are currently under development that I want to mention here so you can keep your eyes peeled as these certifications and exams become available in the coming months.

Foremost among these future certifications is the (ISC)2 and CSA cloud security certification. This yet-to-be-named certification is expected to build off of the industry-leading CISSP certification of (ISC)2 and the CSA's CCSK certification. At this time, few specifics are available, but comments from CSA leadership indicate that the global credential will encompass both technical and strategic issues related to cloud security. The new certification, and its examination, are expected to debut in 2014.

Other certifications worthy of note include:

There's no doubt that, as of 2013, we are in the very early days of cloud computing security certifications. As the adoption of various types of cloud computing grows and evolves, there will be an increasing need for information security professionals to ensure those implementations are secure, and in turn a need for the best and most capable of those infosec pros to identify and attain certifications that demonstrate their expertise. It will be an exciting field to watch in the months and years to come.

About the authors:
Ed Tittel is a 30-plus-year IT veteran who's worked as a software developer, networking consultant, technical trainer, writer and expert witness. Perhaps best known for creating the Exam Cram series in the late 1990s, Ed has contributed to over 100 books on a variety of computing topics, including numerous titles on information security and HTML. Ed also blogs regularly for Tech Target (IT Career Jump Start, Windows Enterprise Desktop) and other publications.

Earl Follis is a long-time IT professional who's worked as a technical trainer, a technical evangelist, a network administrator and in other positions for a variety of companies that include Thomas-Conrad, Tivoli/IBM, Nimsoft, Dell and more. He's also contributed to numerous books, including For Dummies titles on Windows Server and NetWare, and written for many print and Web publications. His primary areas of technical interest include networking, operating systems and unified monitoring.

This was first published in September 2013


