demonishen - Fotolia

Symantec quietly drops cloud security certification due to lack of adoption

After nearly three years, the Symantec Certified Professional-Cloud Security certification has been discontinued due to a lack of adoption, causing observers to question Symantec's cloud security strategy.

SearchCloudSecurity has learned that after less than three years, Symantec Corp. has pulled the plug on its dedicated cloud security certification.

The Symantec Certified Professional-Cloud Security (SCP-CS) training path and certification is no longer available, according to the company's website. A Symantec spokesperson confirmed the SCP-CS certification, which was based on the Symantec Cloud Security Essentials (SCSE) course, was cancelled last month.

"Symantec discontinued the course due to a lack of adoption," the spokesperson said. "Cloud Security Essentials was not a Symantec product-specific course and it hasn't had uptake."

The SCP-CS was first introduced in 2012 as part of a relaunch of the Symantec Certified Professional program and became one of the more prominent vendor certifications in the area of cloud security.  According to the vendor, the certification targeted "professionals who are tasked with architecting, recommending or implementing a company's data security strategy in the cloud."

The Symantec Certified Professional-Cloud Security (SCP-CS) training path

Symantec partnered with the Cloud Security Alliance to develop the SCP-CS certification; the three-day instructor-led course covered the CSA's 13 domains of cloud security and also required the CSA's Certificate of Cloud Security Knowledge (CCSK) as a prerequisite for becoming a SCP-CS.

Symantec cloud security strategy in question

Symantec partners contacted by SearchCloudSecurity were unaware that the Mountain View, Calif.-based vendor has discontinued its cloud security certification program.

Paul Smith, partner at Datasmith Network Solutions, a Symantec partner based in Walpole, Mass., said the abrupt end to the SCP-CS certification is indicative of the vendor's recent struggles.

"This is just another sign of a company that's in trouble," Smith said. "They didn't notify partners about the change, and the lack of communication and lack of a clear strategy around changes like this are part of the problem with Symantec."

Rich Mogull, analyst and CEO at Phoenix-based research firm Securosis LLC, said the SCP-CS certification may have been dropped because Symantec is attempting to shift its cloud strategy to make more products cloud-focused.

"Most vendor training tends to be more successful when it has a narrow product focus," Mogull said.

But that exposes a bigger issue for Symantec than just a certification change, Mogull said -- the company simply doesn't have much in the way of dedicated cloud products.

The lack of communication and lack of a clear strategy around changes like this are part of the problem with Symantec.
Paul SmithPartner, Datasmith Network Solutions

"They've played with a bunch of [cloud] technologies, but they haven't really come out with anything dedicated to cloud beyond Symantec CSP (Critical System Protection), which started out as a data center server-hardening product," Mogull said. "The cloud is so fundamentally different at a technology and architecture level, that you can't merely market or tweak your way into sales. Cloud washing a few products isn't going to cover it."

While the vendor's Symantec.Cloud suite does offer email security and enterprise data archiving, Symantec has dropped other cloud products -- such as Backup Exec.Cloud in late 2013.

The lack of cloud products is another major concern for partners like Datasmith.

"You're just not hearing a lot from Symantec on cloud," Smith said. "They're not making themselves a player in the cloud security space, and it's going to be hard for them to catch up."

Next Steps

Find out how important cloud security certifications are to infosec professionals

Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices