demonishen - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Symantec quietly drops cloud security certification due to lack of adoption

After nearly three years, the Symantec Certified Professional-Cloud Security certification has been discontinued due to a lack of adoption, causing observers to question Symantec's cloud security strategy.

SearchCloudSecurity has learned that after less than three years, Symantec Corp. has pulled the plug on its dedicated cloud security certification.

The Symantec Certified Professional-Cloud Security (SCP-CS) training path and certification is no longer available, according to the company's website. A Symantec spokesperson confirmed the SCP-CS certification, which was based on the Symantec Cloud Security Essentials (SCSE) course, was cancelled last month.

"Symantec discontinued the course due to a lack of adoption," the spokesperson said. "Cloud Security Essentials was not a Symantec product-specific course and it hasn't had uptake."

The SCP-CS was first introduced in 2012 as part of a relaunch of the Symantec Certified Professional program and became one of the more prominent vendor certifications in the area of cloud security.  According to the vendor, the certification targeted "professionals who are tasked with architecting, recommending or implementing a company's data security strategy in the cloud."

The Symantec Certified Professional-Cloud Security (SCP-CS) training path

Symantec partnered with the Cloud Security Alliance to develop the SCP-CS certification; the three-day instructor-led course covered the CSA's 13 domains of cloud security and also required the CSA's Certificate of Cloud Security Knowledge (CCSK) as a prerequisite for becoming a SCP-CS.

Symantec cloud security strategy in question

Symantec partners contacted by SearchCloudSecurity were unaware that the Mountain View, Calif.-based vendor has discontinued its cloud security certification program.

Paul Smith, partner at Datasmith Network Solutions, a Symantec partner based in Walpole, Mass., said the abrupt end to the SCP-CS certification is indicative of the vendor's recent struggles.

"This is just another sign of a company that's in trouble," Smith said. "They didn't notify partners about the change, and the lack of communication and lack of a clear strategy around changes like this are part of the problem with Symantec."

Rich Mogull, analyst and CEO at Phoenix-based research firm Securosis LLC, said the SCP-CS certification may have been dropped because Symantec is attempting to shift its cloud strategy to make more products cloud-focused.

"Most vendor training tends to be more successful when it has a narrow product focus," Mogull said.

But that exposes a bigger issue for Symantec than just a certification change, Mogull said -- the company simply doesn't have much in the way of dedicated cloud products.

The lack of communication and lack of a clear strategy around changes like this are part of the problem with Symantec.
Paul SmithPartner, Datasmith Network Solutions

"They've played with a bunch of [cloud] technologies, but they haven't really come out with anything dedicated to cloud beyond Symantec CSP (Critical System Protection), which started out as a data center server-hardening product," Mogull said. "The cloud is so fundamentally different at a technology and architecture level, that you can't merely market or tweak your way into sales. Cloud washing a few products isn't going to cover it."

While the vendor's Symantec.Cloud suite does offer email security and enterprise data archiving, Symantec has dropped other cloud products -- such as Backup Exec.Cloud in late 2013.

The lack of cloud products is another major concern for partners like Datasmith.

"You're just not hearing a lot from Symantec on cloud," Smith said. "They're not making themselves a player in the cloud security space, and it's going to be hard for them to catch up."

Next Steps

Find out how important cloud security certifications are to infosec professionals

Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Do you think Symantec's removal of its SCP-CS training and cert means trouble for the company?
The fact that Symantec Certified Professional-Cloud Security training path and certification has been withdrawn is reason enough for enterprises to be inquisitive on the legalities of the company. This is in as much as the company argues the same is due to lack of adoption. Such training has been rated one of the most prominent in cloud security. Their partners were not notified, which relays lack of communication that can be extrapolated as unclear strategies.
I'm going to disagree here.  There is a lot of push for paper mill certifications in some areas of the software field, and not all of them have a meaningful and tangible demonstration of real skill and depth of understanding.

It may just be that the market wasn't interested in it, and if the market won't support it, then of course Symantec drops it.
I tend to think that cloud security is intrinsically based on trust and transparency, all of which are lacking in the manner Symantec discontinued SCP-CS.
The backup exec cloud lacks mobile content sharing features wants integrated solutions
Some vendors are learning that certification as some cheap way to bring in and get people trained on their software on their own dime is not the best way to really spread good practices. This is no different whether its a company like Symantec Or Microsoft.   Certifications can serve a purpose, but their value has to show some lasting proof of their worth in getting them.  

It may be that this area of technology is still far too young for that level of maturity to begin to take hold.