BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Although there is some debate over the value of certain security certification programs, most of them can deliver...
more significant benefits to professionals than the traditional self-study options.
A certification, for instance, covers topics that are broader than purely the interest of the student, which requires the student to learn more than just the minimum around a specific topic. Skipping a few dull, but important, chapters is not a wise decision if there is an expensive exam coming up. A certification exam also forces a student to actually study the material, and to not just read through it. The exam date also provides a deadline for when to finish the material. Finally, a certificate such as Certified Information Systems Security Professional (CISSP) shows an employer that a future employee has put significant time and money into obtaining that certificate and the associated skills.
Cloud security certifications
The security industry has been around for decades, and so have some of the best-known certifications. (ISC)2's CISSP certification, for instance, was released in 1994, and ISACA's Certified Information Systems Auditor certification dates back to 1987.
Some of these older, well-established certification providers have added cloud components to their material since the rise of cloud products in recent years. The depth of those add-ons is often quite limited, though; sometimes, it's just a few pages in a book. Considering the importance of cloud technologies today, and new cloud-specific attacks, such as man-in-the-cloud attacks, more focus is required. For instance, which training provider would cover how to securely manage an organization's data while migrating a server cluster to Microsoft Azure or Amazon Web Services?
Fortunately, there are some certification providers that have taken the subject seriously, and have introduced dedicated, in-depth cloud security certifications.
(ISC)2's Certified Cloud Security Professional (CCSP)
By far, the best-known and most established cloud security certification is the CCSP from (ISC)2. For over 20 years, (ISC)2 has been responsible for the de facto standard in IT security certifications: CISSP. Although CISSP now contains more material on the cloud, the specialized CCSP program takes it to the next level. It covers a broad range of cloud-related topics, such as cloud application security and cloud platform security, and it delves deep into the details.
Students should expect to invest quite a bit of time to pass this exam, or should utilize a training vendor to prepare for this certification successfully.
Before becoming certified, there is a requirement to have a demonstrated history of several years of security and cloud experience, as well. Although the requirements are high, it adds to the value of this certification.
Cloud Security Alliance's Certificate of Cloud Security Knowledge (CCSK)
A lighter alternative to the heavy CCSP certification is offered by the Cloud Security Alliance in the form of the CCSK certification. This certification is dedicated to cloud security, and, just like the CCSP, it goes into the technical details.
There are a few major differences between CCSP and CCSK, however. First, the body of knowledge is not as broad for CCSK as it is for CCSP. The study material for CCSK is freely available on the internet in the form of two key documents, so no books or training courses are required. Secondly, there are no experience requirements for the CCSK certification. A final difference is that the exam for CCSK is available online for a relatively low fee (around $350 USD), and is open-book.
These points make the CCSK a good alternative cloud security certification for an entry-level to midrange security professional with an interest in cloud security, where there is no justification for the time and costs that the CCSP certification requires.
SANS Institute's Cloud Security Fundamentals (SEC524)
The SANS Institute is well-known for its practical, and often costly, security training that is hosted by experienced instructors.
The SEC524 offering is a two-day program, followed by an optional exam, which can be booked at a later stage. Both the training and the exam are not cheap -- expect to spend about $4,000 USD in total.
Since the two-day training program is mandatory, where CCSP and CCSK can be taken as self-study, this obviously is not a low-budget option. It does offer hands-on training and some labs, which could be worth the extra investment for organizations or individuals looking for a more technical experience.
The best cloud security certifications
There are other, lesser known cloud security certifications. Some cloud platform providers also offer product training. However, in the end, the flagship is the CCSP certification, followed closely by the CCSK offering.
Of course, there is something to be said for self-taught cloud security professionals. After all, when the first cloud products started rolling in about a decade ago, none of these programs existed yet. A professional working on these new technologies simply did not have the time to wait for years before building a secure environment. They hopefully did the responsible thing back then and upskilled via experience, books and the internet. Certification, however, formalizes that existing knowledge, and will probably even extend it further.
For anyone looking for a new opportunity in the cloud security area, certification is always a good opportunity to show an employer that you have an existing interest in the subject and that you have an existing level of knowledge present.
Find out what the best security certifications are for beginners
Read about why ISO 27001 and other security certifications are valuable
Check out the best internet of things security certifications