“The CSA Certificate of Cloud Security Knowledge (CCSK) will provide a consistent way of developing cloud security competency and provide both organizations and agencies the confidence they need to adopt secure cloud solutions.”

~ Melvin Greer, Chief Strategist, Cloud Computing, Lockheed Martin

“The CSA, in providing a set of goals through the CCSK, is challenging security practitioners to become the cloud thought-leaders we need today and tomorrow to ensure safe and secure cloud environments. In developing the CCSK, CSA is 'setting the bar' for security professionals and providing business executives a means to gauge the opinions and rhetoric associated with security in the cloud.”

~ Jerry Archer, CSO, Sallie Mae

“The Certificate of Cloud Security Knowledge provides individuals with a solid foundation in cloud security issues and best practices. Organizations that leverage this training will be better positioned to get the most out of their investments in cloud computing. In addition, the certification can be a large help with recruitment efforts as organizations can easily qualify the experience of an individual in cloud security if they have earned the CCSK certificate.”

~ Gary Phillips, senior director, technology assurance and standards research, Symantec Corp

“The launch of CSA’s CCSK program is an important step in improving security professionals’ understanding of cloud security challenges and best practices and will lead to improved trust of and increased use of cloud services.”

~ Matthew Gardiner, Director, CA Security Business

"We have already been leveraging the CSA's Security Guidance for Critical Areas in Cloud Computing as a best practices manual for our information security staff. We now plan to make this certification a requirement for our staff, to ensure they have a solid baseline of understanding of the best practices for securing data and applications in the cloud.”

~ Dave Cullinane, CISO and VP. eBay, Inc

"We applaud the CSA’s initiative to provide this standard and new certification program to enhance cloud security. As the leading cloud-based eDiscovery provider and the first to join the CSA we look forward to helping drive the adoption of this certification standard in the industry."

~ Peter Gaffney, Vice President of Systems and Network Operations, CaseCentral

"Hubspan is committed to providing a secure and reliable cloud computing environment for business integration and to helping companies follow cloud security best practices, of which the CSA's CCSK certification is a great example and one we fully support."

~ Ian Huynh, vice president of engineering and operations, Hubspan Inc.

"This is the standards effort that the industry has been waiting for. As our studies have shown, security is the main topic holding back the adoption of cloud computing. With the new CCSK certification program, the CSA is continuing to provide the industry's most comprehensive, prescriptive guidelines for baking security best-practices into new cloud initiatives."

~ Guy Churchward, CEO, " LogLogic

“The CCSK is what is needed to help define and separate security professionals who are interesting in making cloud security better,” said . “The term “cloud computing” has so many different meanings it’s hard to know if people are just throwing out buzz words or if they truly understand its meaning. The same can be said about cloud security, there is a lot of talk about why cloud computing is insecure and what needs to be done to make it secure. The CCSK program will help provide the comprehensive understanding that is needed going forward.”

~ David Lingenfelter, Information Security Officer, MaaS360 by Fiberlink

“With CCSK certification, professionals who have Cloud Computing responsibilities can demonstrate thorough Cloud security knowledge based on the CSA’s catalogue of security best practices.”

~ Patrick Harding, CTO, Ping Identity

“Certificate of Cloud Security Knowledge (CCSK) is a natural step for security, IT and other professionals to demonstrate their awareness of cloud computing based on the Cloud Security Alliance Guidance v2.1. This certification will address the demand for knowledgeable professionals who can evaluate and implement cloud computing within their organization.”

~ Randy Barr, CSO, Qualys, Inc.

“Solutionary, Inc. is a corporate member of CSA, and has several of their security consultants scheduled for the CSA certification program.”

~ Pamela Fusco, VP of industry solutions, Solutionary, Inc.

“The Cloud Security Alliance’s User Certification is a big step forward in ensuring that IT professionals considering deploying applications into the cloud understand security issues.”

~ Todd Thiemann, Senior Director, Datacenter Security, Trend Micro

“Moving to the cloud is a significant risk management decision for CIO and CISOs given unproven security models and reduced indemnification. Veracode has long been advocating for independent security verification for the application development and delivery ecosystem and we support the CSA’s new user certification program as one of the key pillars for building secure software.”

~ Matt Moynahan, CEO, Veracode

“CSA is pioneering the cloud computing industry by developing programs to ensure that critical security needs are addressed. With the newly created CCSK certification program, IT professionals and businesses alike will benefit from the knowledge based training, helping to provide greater surety that the appropriate security controls are exercised when cloud based applications are adopted in the enterprise.”

~ Nico Popp, vice president of product development, VeriSign

"Despite the clear agility and cost saving benefits, there are factors which are holding back Cloud usage. These include a deficit of trust and reliability. Enterprises simply do not trust third-parties to protect their sensitive data and connections to Cloud services may be subject to delays and outages. With the new CCSK certification program, the CSA is continuing to provide the industry's most comprehensive, prescriptive guidelines for baking trust and reliability-oriented security best-practices into new cloud initiatives."

~ Mark O'Neill, CTO, Vordel

"As enterprises move toward cloud computing, they are desperately seeking guidance and education in this new domain. CSA is bridging this gap and the CCSK provides an important first step in establishing baseline knowledge for individuals tasked with building and managing applications to the cloud."

~ Michael Sutton, VP, Security Research, Zscaler

"CCSK is a much needed next step in the evolution of secure cloud computing because its guidelines are focused on tangible steps that can be taken to assure organizations to take advantage of the benefits of cloud computing in a secure and compliant manner."

~ Dipto Chakravarty, general manager of Cloud Security Services and vice president of engineering for Identity & Security, Novell

Cloud Architecture

What are the five essential characteristics of cloud computing?

Governance and Enterprise Risk

Which third party management practices are recommended to mitigate risks encountered with cloud service provider engagements?

Legal and Electronic Discovery

In which three ways can we distinguish cloud computing from traditional outsourcing?

Compliance and Audit

What is the key aspect of a cloud provider's SAS 70 Type II audit statement a customer should review to determine if it meets customer requirements?

Information Lifecycle Management

What are the six phases of the data security lifecycle?

Portability and Interoperability

Which practices will minimize software modification when porting Platform as a Service (PaaS) solutions?

Traditional Security, BCM, D/R

Cloud providers can minimize risks of insider abuse via which recommended best practices?

Data Center Operations

What research can a customer do to predict whether a cloud provider's system availability and performance will meet service level agreement commitments?

Incident Response

What capabilities can a cloud provider deliver to support offline analysis of potential incidents?

Application Security

What are key success factors to support application security in Infrastructure as a Service (IaaS) environments?

Encryption and Key Management

How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?

Identity and Access Management

Which prominent standards should be considered to federate customer identity management systems with cloud providers?


Why do communications between multiple virtual machines often evade tradition security monitoring systems?