Certificate of Cloud Auditing Knowledge
The industry's first global cloud auditing credential.
The Certificate of Cloud Auditing Knowledge (CCAK) is a credential that industry professionals can obtain to demonstrate their expertise in understanding the essential principles of auditing cloud computing systems. The CCAK is being developed by the Cloud Security Alliance, the global leader in cloud security best practices and will be available in Q3 2020.
Filling the Skills Gap
Why is the Cloud Security Alliance developing the Certificate of Cloud Auditing Knowledge?
Cloud computing represents a radical departure from legacy IT in virtually every respect. The new technology architecture, the nature of how cloud is provisioned and the new shared responsibility model means that IT audit must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Because Cloud Security Alliance has developed the most widely adopted cloud security audit criteria and organizational certification, we are uniquely positioned to lead industry efforts to ensure industry professionals have the requisite skill set for auditing cloud environments.
How is this certification program different from other IT audit certification programs?
Traditional IT audit education and certification programs have many excellent elements, but were not developed with an understanding of cloud computing and its many nuances. An audited organization using cloud computing will have a very different approach to satisfying control objectives. A cloud tenant will certainly not have the same administrative access as in a legacy IT system and will employ a wide range of security controls that will be foreign to an audit and assurance professional that is grounded in traditional IT audit practices. The CCAK provides a body of knowledge to ensure that IT auditors and other related stakeholders are communicating appropriately and accurately as to the effectiveness of cloud security controls.
Body of Knowledge
The CCAK body of knowledge will include several existing familiar components. The Cloud Controls Matrix (CCM) is the fundamental framework of cloud control objectives that is the most popular collection of security controls for existing cloud audits. The companion Consensus Assessments Initiative Questionnaire (CAIQ) is the primary means for assessing a cloud provider’s adherence to CCM. The CSA Security, Trust, Assurance & Risk (STAR) program is the global leader in cloud security audits and self assessments. These components in addition to some new material provides the holistic body of knowledge that will comprise the Certificate of Cloud Auditing Knowledge (CCAK).
Who should earn the CCAK?
The CCAK is designed to provide CISOs, security and compliance managers, internal and external auditors and practitioners of tomorrow with the proven skillset to address the specific concerns that arise from the use of various forms of cloud services.
- (Cloud) Security third-party auditors
- (Cloud) Security internal auditors
- CISOs
- Chief Privacy Officers
- Data Protection Officers
- Compliance Managers
- Vendor/Partners Program Managers
- Procurement Officers
- CSA STAR Program Auditors/Assessors (STAR Certification, STAR Attestation)
- CSA Code of Conduct assessors
- Security and Privacy Consultants
Stay CCAK Informed
What are the opportunities to get involved or stay informed about the CCAK?
There are many opportunities to participate in the development of the CCAK. An individual may desire to volunteer to provide subject matter expert (SME) contributions and peer review. Organizations with a vested interest in cloud auditing may wish to be a founding sponsor. Please use our contact form to express your interest.