A guide to cloud security certifications for infosec pros

Both vendor-neutral and vendor-specific cloud security certifications have emerged as businesses shift toward cloud computing models that reduce TCO and expand computing capacity.

Cloud computing continues to be a hot-button topic for companies looking to reduce the total cost of ownership for server and end-user computers, while offering automated expansion of computing capacity and better management of virtualized environments. Information security is likewise a hot topic, with numerous well-publicized security breaches among corporations, universities and government agencies weighing on the minds of IT professionals and C-level executives alike.

At the intersection of these two popular IT topics lies the emerging field of cloud security certifications. As an increasing number of information security and IT operations professionals shift their careers toward cloud computing, a small but growing number of cloud security certifications have emerged, divided between vendor-specific certifications and vendor-neutral certifications.

This guide, which complements SearchSecurity's IT security certifications guide, examines the available cloud security certifications that can translate to better career opportunities -- and a higher salary -- for you as cloud security best practices and certifications continue to expand and mature.

This guide has been updated to reflect the addition of several notable cloud security certifications: Cisco Certified Network Associate (CCNA) Cloud, CompTIA Cloud+, Amazon Web Services (AWS) Certified Solutions Architect (AWS-CSA) -- Professional, Certified Cloud Technology Professional (CCTP), (ISC)² Certified Cloud Security Professional (CCSP) and Microsoft Certified Solutions Expert (MCSE): Cloud Platform and Infrastructure.

Cloud security certifications

AWS Certified Solutions Architect -- Professional

Certification level: Intermediate
Certification type: Vendor-specific

Amazon Web Services dominates the cloud services market. In response to demand for skilled professionals to run AWS data centers and design cloud environments, AWS offered its first certification in 2013. Today, the program offers associate- and professional-level certifications for architects, developers and operations folks (admins and engineers).

The AWS CSA -- Professional certification is geared toward professionals who design and deploy AWS cloud environments, while maximizing security, reliability and other characteristics. Candidates must pass one exam to achieve certification. The AWS CSA -- Professional exam prep guide lists knowledge of "security features that AWS provides and best practices" right after knowledge of "AWS core services." The security domain accounts for 20 percent of the certification exam, more than any of the other domains.

Source: AWS Certified Solutions Architect -- Professional

Certificate of Cloud Security Knowledge (CCSK)

Certification level: Foundational
Certification type: Vendor-neutral

The CCSK certification was established by the Cloud Security Alliance as a foundation of cloud security knowledge for newcomers to the cloud computing arena. The CCSK certification requires essential cloud security knowledge, as well as best practices gleaned from those who have blazed this trail.

The specificity of the exam, and the fact that it is designed and taught by some of the industry's leading cloud security experts, demonstrates that the CCSK is one of the industry's foremost vendor-neutral cloud security certifications. Two training courses are currently available: CCSK-Foundation for entry-level training and CCSK-Plus for additional hands-on experience.

Source: CSA education -- CCSK

Certified Cloud Security Specialist (CCSS)

Certification level: Foundational
Certification type: Vendor-neutral

The CCSS certification, offered by an Arcitura Education Inc. subsidiary, includes excellent foundational knowledge of cloud technologies, as well as security controls for cloud environments and common security threats. Self-study kits are available through its website, as well as instructor-led training classes for the CCSS.

To acquire the CCSS certification, each candidate must successfully pass five exams:

  • Fundamental Cloud Computing
  • Cloud Technology Concepts
  • Fundamental Cloud Security
  • Advanced Cloud Security
  • Cloud Security Lab

Source: Certified Cloud Security Specialist

Certified Cloud Technology Professional

Certification level: Intermediate
Certification type: Vendor-neutral

The CCTP focuses on the skills required to build and securely implement infrastructure-as-a-service, platform-as-a-service and software-as-a-service (SaaS) solutions.

A CCTP must understand business requirements and how they relate to cloud services, as well as recognize common security threats to cloud services in order to select the appropriate solutions. Candidates must pass two written exams and one lab exam.

Source: Certified Cloud Technology Professional

Cisco Certified Network Associate Cloud

Certification level: Foundational
Certification type: Vendor-specific

The CCNA Cloud certification recognizes cloud engineers and administrators who are building and advancing their cloud skills. An individual who achieves CCNP Cloud certification is qualified to perform basic administration of and provide technical support for Cisco cloud solutions.

Two exams are required to qualify for the CCNA Cloud credential. Cisco offers a wealth of study materials and training courses to prepare for CCNA Cloud certification.

Source: CCNA Cloud

CompTIA Cloud+

Certification level: Foundational
Certification type: Vendor-neutral

CompTIA launched the Cloud+ certification in 2013, as a complement to its highly popular A+, Network+ and Security+ certifications. The Cloud+ certification is for IT professionals with two to three years of experience in networking, storage or IT data center administration.

Candidates for the Cloud+ certification should be well versed in cloud models, security and business continuity, and have working knowledge of resource management. They should also know how to implement, maintain and deliver a cloud infrastructure.

To obtain the certification, candidates must pass a single exam. The certification must be renewed every three years.

Source: CompTIA

(ISC)² Certified Cloud Security Professional

Certification level: Intermediate
Certification type: Vendor-neutral

This certification, which is backed by both (ISC)² and the Cloud Security Alliance, focuses on private, public and hybrid cloud environment security and management. A person holding the CCSP certification may plan and design security for a cloud infrastructure, or be involved with day-to-day operations or service.

(ISC)² requires that CCSP candidates have a minimum of five years of IT experience, with at least three years in information security and one year in cloud security. The CCSP exam verifies competence in the six CCSP domains of the (ISC)² Common Body of Knowledge:

  • architectural concepts and design requirements;
  • cloud data security;
  • cloud platform and infrastructure security;
  • cloud application security;
  • operations; and
  • legal and compliance.

Source: (ISC)² Certified Cloud Security Professional

Microsoft Certified Solutions Expert: Cloud Platform and Infrastructure

Certification level: Intermediate
Certification type: Vendor-specific

Microsoft launched the MCSE: Cloud Platform and Infrastructure certification in the fall of 2016. It is geared toward cloud administrators, cloud architects and information security analysts who use the company's technologies. The certification recognizes professionals who manage data centers and who have a thorough knowledge of networking virtualization, systems management, identity management and storage technologies.

To achieve the MCSE: Cloud Platform and Infrastructure credential, candidates must earn a Microsoft Certified Solutions Associate certification and pass one of ten elective exams. Although the MCSE: Cloud Platform and Infrastructure certification doesn't expire, Microsoft recommends taking an elective exam each year to keep your certification and skill set up to date.

Source: Microsoft Certified Solutions Expert: Cloud Platform and Infrastructure

Professional Cloud Security Manager (PCSM)

Certification level: Intermediate
Certification type: Vendor-neutral

The Cloud Credential Council (CCC), based in Palo Alto, Calif., offers several cloud-related credentials that address the business, development and technology sides of cloud creation and administration, but only the Professional Cloud Security Manager certification focuses entirely on security.

The PCSM certifies that individuals are well-versed in key cloud computing security concepts, IT governance and risk management, threats and challenges, compliance, reference models and standards, physical security, business continuity and disaster recovery, virtualization management, and much more.

Although the certification has no prerequisites, the CCC recommends that candidates have five years of enterprise security experience to achieve the Cloud Technology Associate certification or an equivalent certification first. The CCC offers a self-study kit for sale on its website. A three-day training course is available through CCC-accredited training partners, but is not required.

Source: Cloud Credential Council Professional Cloud Security Manager

Salesforce Certified Technical Architect (CTA)

Certification level: Advanced
Certification type: Vendor-specific

Salesforce is one of the pioneers of cloud computing, including the SaaS movement. The CTA certification is geared toward Salesforce architects and designers with at least five years of experience who want to certify their knowledge and expertise for designing scalable and secure applications on the Salesforce cloud platform.

To pass the CTA exam, participants must demonstrate mastery of cloud application design principles, application-level security considerations (to ensure secure communications between Salesforce and third-party apps), and identity management and best practices for deploying applications via Salesforce. This is a highly specific certification, best suited to individuals whose organizations have invested heavily in Salesforce, or to those who intend to specialize in implementing and securing Salesforce infrastructures.

Obtaining the credential involves three parts: a self-evaluation, a multiple-choice written exam and a review board presentation. Each step must be completed before candidates may move on to the next phase of the credentialing process. The review board meets only at designated times, which are published on the Salesforce website.

Source: Salesforce Certified Technical Architect

VMware Certified Professional 7 -- Cloud Management and Automation (VCP7-CMA)

Certification level: Intermediate
Certification type: Vendor-specific

VMware has become a leading provider of software for cloud computing infrastructure, virtual desktops and cloud management. Its early entry into cloud computing software gave VMware a corresponding head start in the vendor-specific cloud certification market.

The VCP7-CMA certification recognizes IT professionals who work with VMware's vSphere and vRealize daily, performing installations, configuration and management tasks.

To obtain the credential, candidates who already hold the VCP6-CMA certification must pass the VCP7-CMA exam. Candidates who are new to VMware technology must take a training course, pass the vSphere 6 Foundations exam and pass the VCP7-CMA exam.

Source: VMware Certified Professional 7 -- Cloud Management and Automation
