BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Although there is some debate over the value of certain security certification programs, most of them can deliver...
more significant benefits to professionals than the traditional self-study options.
A certification, for instance, covers topics that are broader than purely the interest of the student, which requires the student to learn more than just the minimum around a specific topic. Skipping a few dull, but important, chapters is not a wise decision if there is an expensive exam coming up. A certification exam also forces a student to actually study the material, and to not just read through it. The exam date also provides a deadline for when to finish the material. Finally, a certificate such as Certified Information Systems Security Professional (CISSP) shows an employer that a future employee has put significant time and money into obtaining that certificate and the associated skills.
Cloud security certifications
The security industry has been around for decades, and so have some of the best-known certifications. (ISC)2's CISSP certification, for instance, was released in 1994, and ISACA's Certified Information Systems Auditor certification dates back to 1987.
Some of these older, well-established certification providers have added cloud components to their material since the rise of cloud products in recent years. The depth of those add-ons is often quite limited, though; sometimes, it's just a few pages in a book. Considering the importance of cloud technologies today, and new cloud-specific attacks, such as man-in-the-cloud attacks, more focus is required. For instance, which training provider would cover how to securely manage an organization's data, while migrating a server cluster to Microsoft Azure or Amazon Web Services?
Fortunately, there are some certification providers that have taken the subject seriously, and have introduced dedicated, in-depth cloud security certifications.
- (ISC)2's Certified Cloud Security Professional (CCSP)
By far, the best-known and most established cloud security certification is the CCSP from (ISC)2. For over 20 years, (ISC)2 has been responsible for the de facto standard in IT security certifications: CISSP. Although CISSP now contains more material on the cloud, the specialized CCSP program takes it to the next level. It covers a broad range of cloud-related topics, such as cloud application security and cloud platform security, and it delves deep into the details.
Students should expect to invest quite a bit of time to pass this exam, or should utilize a training vendor to prepare for this certification successfully.
Before becoming certified, there is a requirement to have a demonstrated history of several years of security and cloud experience as well. Although the requirements are high, it adds to the value of this certification.
- Cloud Security Alliance's Certificate of Cloud Security Knowledge (CCSK)
A lighter alternative to the heavy CCSP certification is offered by the Cloud Security Alliance in the form of the CCSK certification. This certification is dedicated to cloud security, and, just like the CCSP, it goes into the technical details.
There are a few major differences between CCSP and CCSK, however. First, the body of knowledge is not as broad for CCSK as it is for CCSP. The study material for CCSK is freely available on the internet in the form of two key documents, so no books or training courses are required. Secondly, there are no experience requirements for the CCSK certification. A final difference is that the CCSK exam train is available online for a relatively low fee (around $350 USD), and is open-book.
These points make the CCSK a good alternative cloud security certification for an entry-level to midrange security professional with an interest in cloud data security, where there is no justification for the time and costs that the CCSP certification requires.
- Global Science and Technology Forum's Certified Cloud Security Specialist (CCSS)
The Global Science and Technology Forum (GSTF) offers a broad range of certifications, with topics that include blockchain, machine learning, IoT and cloud computing. The Certified Cloud Security Specialist (CCSS) certification covers topics such as secure architecture, data loss and data location, and security as a service. This in-depth, advanced course requires participants to have already completed at least one of the following as a foundation: GSTF Certified Cloud Computing Associate (CCCA), GSTF Certified Cloud Computing Specialist (CCCS) or EXIN Cloud Technologies Advanced.
- EXIN -- Certified Integrator Secure Cloud Services
EXIN offers many security and cloud courses, and a Certified Integrator Secure Cloud Services certification is granted when specific cloud computing and security qualifications are met. This unique approach ensures the certified professional is skilled in both IT security and cloud environments.
- SANS Institute's Cloud Security Fundamentals (SEC524)
The SANS Institute is well-known for its practical, and often costly, security training that is hosted by experienced instructors.
The SEC524 offering is a two-day program, followed by an optional exam, which can be booked at a later stage. Both the inspector-led training and the exam are not cheap -- expect to spend about $2,640 USD in total.
Since the two-day training program is mandatory, where CCSP and CCSK can be taken as self-study, this obviously is not a low-budget option. It does offer hands-on experience and some labs, which could be worth the extra investment for organizations or individuals looking for a more technical experience.
- Cloud Credential Council -- Professional Cloud Security Manager certification (PCS)
This certification course covers topics such as the shared physical and operations responsibility within a cloud system, legal and contractual specifics for cloud contracts and business continuity planning. The focus is about how cloud security is different from the more traditional security practices. This is a more advanced course and CCC recommends students to complete a lower-level cloud course first, such as their Cloud Technology Associate program.
The best under-the-radar cloud security certifications
There are other, lesser known cloud security certifications. Some cloud platform providers also offer more practical product training, such as Amazon and Microsoft. However, in the end, the flagship is the CCSP certification, followed closely by the CCSK offering.
Of course, there is something to be said for self-taught cloud security professionals. After all, when the first cloud products started rolling in about a decade ago, none of these programs existed yet. A professional working on these new technologies simply did not have the time to wait for years before building a secure environment. They hopefully did the responsible thing back then and upskilled via experience, books and the internet. Certification, however, formalizes that existing knowledge, and will probably even extend it further.
An interesting recent development in this space is the emergence of more advanced training options. Training providers either require that cloud platform certifications already be obtained, or at least recommend some basic or even advanced prior knowledge about the cloud itself before taking on their certification path. This will have a positive effect on the knowledge base in the cloud security field.
For anyone looking for a new opportunity in the cloud security area, certification is always a good opportunity to show an employer that you have an existing interest in the subject and that you have an existing level of knowledge present.
A guide to specialized security certifications
Navigating Oracle certification options