Last week at the RSA Conference in San Francisco, the Cloud Security Alliance (CSA) and the certification body responsible for the Certified Information Systems Security Professional (CISSP), (ISC)², announced a new certification aimed squarely at the secure design, implementation and management of cloud environments. Dubbed the Certified Cloud Security Professional (CCSP), the cert is meant to establish an international standard for proving the advanced skills necessary to secure the cloud.
According to executives with both organizations, the joint certification is meant to build off the existing educational and certification programs of both the CISSP and the CSA's Certificate of Cloud Security Knowledge (CCSK). While the CCSK is meant to be a baseline test of cloud security knowledge from even the most basic of IT staff, the new CCSP is meant to prove deeper knowledge acquired from hands-on professional work in securing cloud environments. It's meant to validate skills and knowledge of the intricacies in cloud security architecture, design, operations and service orchestration.
"This unique credential combines the collective experience and research of both organizations and establishes a new benchmark for advanced cloud security knowledge and competence," says David Shearer, executive director of (ISC)².
As a prerequisite for applying for the CCSP, applicants must have five years of experience in IT, at least three of which spent in information security and one in cloud computing. Testing will be done on six domains of expertise: architectural concepts and design requirements, cloud data security, cloud platform and infrastructure security, cloud application security, legal and compliance, and operations.
According to a report released this week at RSA by Enterprise Strategy Group and Tufin, 85 percent of enterprises use private cloud technologies, either in production or running as a proof-of-concept. And 91 percent use public cloud platforms, specifically infrastructure-as-a-service and platform-as-a-service.
Meanwhile another study released by CloudLock just prior to the show demonstrates that organizations today have an average of 1.2 million files stored in the cloud, 10 times the volume of files stored in cloud applications last year. Among those, CloudLock reported that they have an averge 100,000 files containing sensitive information stored in public clouds.
"Many enterprises have told us that cloud computing is becoming their primary IT system," says Jim Reavis, CEO, Cloud Security Alliance. "An effective cloud security strategy and architecture adds several nuances to traditional security best practices; which is why it’s critical to accelerate efforts to address the cloud security skills gap. CCSP helps to set the highest standard for cloud security expertise."