CCSK Certification vs AWS Certification – A Definitive Guide
Blog Article Published: 05/28/2018
By Graham Thompson, CCSK, CCSP, CISSP, Authorized Trainer, Intrinsec Security
I was recently asked about CCSK certification vs AWS certification and which one should be pursued by someone looking to get into cloud security. This post tries to address the question “which cloud certification is right for you.” I’ll give you a lay of the land for both certifications, available training, the exams, and then conclude with thoughts on which certification is right for you.
Certificate of Cloud Security Knowledge (CCSK)
The Certificate of Cloud Security Knowledge (CCSK) is from a research organization called the Cloud Security Alliance (CSA). The CSA has created guidance for securing cloud services and released a recently updated version of this guidance (CSA Guidance v4). The guidance is about 150 pages and covers most of the knowledge required to successfully pass the CCSK exam (more about the exam down below). In a nutshell, the goal of the CCSK is a vendor-neutral look at all cloud security issues that covers the three following areas of knowledge:
Cloud computing concepts and architectures
It begins with answering the question “what is cloud computing,” moves on to the differences between, and other fundamental cloud knowledge.
- Service Models (SaaS, PaaS, IaaS)
- Deployment Models (e.g. Public Cloud, Private Cloud)
- Reference Architectures
- Cloud Security Models
Governing in the cloud
Like everything else, cloud security doesn’t (shouldn’t?) operate in a silo. The CCSK addresses how cloud changes governance, risk management and compliance. Other aspects of governing in the cloud include:
- Audit management
- Information governance
- Business continuity
- Jurisdictional issues
- Legal concerns
Operating in the cloud
Moving forward, the CCSK covers the technical components of cloud systems such as:
- Virtualization (e.g. hypervisors, Software Defined Networks (SDN), VLAN)
- Incident Response
- Application Security
- Data Security and Encryption
- Identity, Entitlement and Access Management
- Security as a Service
- Related Technologies (e.g. DevOps, Immutable Infrastructure, IoT, etc)
CCSK training
Should you take the training or self-study for the CCSK certification exam? That’s your call. Personally, I’m always a fan of doing training because it allows me to get away from the office and completely immerse myself in the subject at hand. I also get the opportunity to learn how things work in the “real world.” If you prefer the self-study route, you have all the documentation you need listed below to take the exam. If you are looking at the training route for yourself or your company, you can check out our offerings here. We offer the official and authorized CCSK in on-demand, on-line and in-person settings. We can also offer on-site training that is modified to your corporate requirements. (If you are looking for more info, a lot of these details about the CCSK can be found on Cloud Security Alliance’s website.) All course registrants also get access to our exclusive CCSK exam prep kit that includes:
- Immediate access to on-demand CCSK v4 course
- CCSK exam v4 prep videos
- Hundreds of CCSK v4 pre-test questions
- Pre-paid token for the actual CCSK v4 exam
CCSK certification exam
In addition to the CSA Guidance, you’ll need to read and understand CSA's Cloud Controls Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ), and finally the ENISA Cloud Computing Risk Assessment document. All documents are available from the following download links.
CCSK exam details
The exam itself is taken online any time you wish. There are 60 questions, and you are given 90 minutes to finish. It is an open-book exam, but don’t let that fool you – it’s a pretty tough exam, and I have seen people from various backgrounds fail. My belief on the reason people fail the exam is because of the diverse nature of the CCSK exam itself. You’re looking at an exam that addresses both cloud operations and cloud governance. Most people will be strong in one or the other, but rarely is someone well-versed in both areas. If you’re in a technical position at work, you’ll need to focus on governance and vice versa, of course. We have published some pre-test practice questions for exam candidates who are looking to see what they might be up against before taking the actual test. All the questions are based on the new v4 version of the CCSK exam. Ready to get started? Download the CSA CCSK prep kit or look for upcoming training sessions near you.
Amazon Web Services (AWS Certification)
Amazon has multiple AWS and specialty certifications available. For convenience, I’m including the roadmap graphic that was on the AWS certification site below: As you can see, there’s more to the question “CCSK or AWS Certification.” AWS has multiple streams available, but I’m going under the assumption that most people mean the AWS Certified Solutions Architect designation. Regardless of the track or specialty, let’s make one thing extremely clear: AWS is a vendor and the complete focus will be on HOW things are done in AWS, specifically. Amazon says so themselves in their certification descriptions: “technical role-based certification.”
AWS Certified Solutions Architect – Associate
Below is the list of recommended knowledge you should have before even considering the AWS Architect – Associate exam. I have done this exam (yes, I passed) and I wrote about my thoughts on that exam here.
- One year of hands-on experience designing available, cost-efficient, fault-tolerant, and scalable distributed systems on AWS
- Hands-on experience using compute, networking, storage, and database AWS services
- Hands-on experience with AWS deployment and management services
- Ability to identify and define technical requirements for an AWS-based application
- Ability to identify which AWS services meet a given technical requirement
- Knowledge of recommended best practices for building secure and reliable applications on the AWS platform
- An understanding of the basic architectural principles of building on the AWS Cloud
- An understanding of the AWS global infrastructure
- An understanding of network technologies as they relate to AWS
- An understanding of security features and tools that AWS provides and how they relate to traditional services
AWS Certified Solutions Architect – Professional
I have not taken this exam. That said, I have worked with many people who have taken and passed the professional exam. These people really know their AWS stuff. I think it is fair to say there aren’t many people who have the professional designation who just know the theory of things, but rather have years of practical hands-on experience in AWS. In order to take the professional-level exam you must have the associate-level certification already. Here is the list of knowledge AWS expects their professional architect holders to have:
- Designing and deploying dynamically scalable, highly available, fault-tolerant, and reliable applications on AWS
- Selecting appropriate AWS services to design and deploy an application based on given requirements
- Migrating complex, multi-tier applications on AWS
- Designing and deploying enterprise-wide scalable operations on AWS
- Implementing cost-control strategies
AWS training
For the AWS Architect – Associate certification, you can either take the self-study approach or attend an actual training session. Bottom line here is this is not a theory-based exam. You will need to have actually spun up server instances and have worked with AWS services before taking the actual exam. Amazon has excellent learning collateral in their whitepapers that you should study if you are going solo. The resources they recommend are:
- Architecting for the Cloud: AWS Best Practices
- The AWS Well-Architected webpage (various whitepapers located here)
AWS certification exam
A word to the wise. Passing the AWS Architect is all about two things:
- Hands-on experience, and
- Knowing what is covered in the exam.
AWS exam details
The AWS exam is a scaled score exam. In other words, not all questions have the same value. Easy questions are worth less than harder ones. I’m not alone when I say I hate these types of exams as you have no idea how you’re actually doing as you go through the questions. And an added bonus, Amazon states you need a “720” (out of 1,000) to pass the test, which does not mean 72 percent because the questions all have different values.
Download the AWS Certified Solutions Architect – Associate (February 2018)
Download the AWS Certified Solutions Architect – Professional exam guide.
Which cloud certification is right for you?
As we covered, the two certifications are not similar at all. The CCSK is relevant to both governance and operational security of cloud services. It is written by an independent body and is completely vendor agnostic. The AWS certifications are 100-percent technical and are specific to AWS implementations.
- CCSK certification addresses the “what” of cloud security
- AWS certification addresses the “how” of AWS implementations