ThorstenSchmitt - Fotolia
Massive changes in any industry require retraining the workforce with the updated skills and certifications needed to support the changing environment. In the case of cloud security, evolving technology creates new opportunities for training and certifications. Advancements and changes to cloud security technology, tools and compliance regulations make it a challenge for people in the industry to stay up to date. With so many vendor-neutral and vendor-specific programs on the market, which would be considered the top cloud security certifications?
The existing training and professional organizations in information security have developed certifications for cloud security, and there are new options now available. Just like with prior certifications, there are vendor-agnostic and vendor-specific certification options for cloud security. The best cloud security certification for an individual or enterprise depends on many variables, including the individual's professional career goals, the business needs, or the cloud platforms and vendors used. However, there are two standouts:
- Certified Cloud Security Professional (CCSP): Traditional certification organizations like (ISC)2 and SANS Institute both have security trainings for the cloud. (ISC)2 and Cloud Security Alliance (CSA) collaborated to design the CCSP certification. The candidates are challenged on abilities to "design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures," according to the (ISC)2 The basics of cloud computing skills will also be assessed. Typical CCSP candidates likely work at enterprises adopting cloud services for internal use or work as service providers at different cloud platforms.
- Certificate of Cloud Security Knowledge (CCSK): CSA also offers the CCSK, which asks candidates to demonstrate "technical knowledge, skills and abilities to effectively develop a holistic cloud security program relative to globally accepted standards," according to the CSA website.
To improve skills and train security, the CCSP or the CCSK certifications are a smart first step. Build on this foundational knowledge with continued intermediate or vendor-specific certifications. Many cloud services and platforms offer vendor-specific certifications. For IaaS services, there are trainings from AWS, Microsoft and others, and Salesforce has PaaS- and SaaS-related certifications.
There are dozens of vendor-specific certifications that could be valuable for employers and employees alike. Employers benefit from the raised education level of certified staff members, and individual employees become more professionally valuable to the organization.
These cloud security certifications cover many mature aspects of the service providers, but cloud services and environments evolve at a rapid pace. The certifications will also adapt to reflect the new technology, tools and regulation updates. With so many security aspects and risks in flux, it's important to stay on top of industry certifications and best practices.
Dig Deeper on Cloud Computing Frameworks and Standards
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading