Certificate of Cloud Security Knowledge
What the Industry Says
"With data being the new currency, the control of trust in the cloud is ever more significant. The CSA updated Certificate of Cloud Security Knowledge (CCSK) brings practical guidance to security professionals deploying workloads in the cloud. It delivers the necessary controls that enable security professionals to deploy cloud applications with security and trust in mind."
~ Gavin Hill, Director, Product Marketing, Venafi
“Having dealt with security since the creation of our Group 60 years ago, at Kudelski Security we are thrilled to leverage CSA’s Cloud Security Knowledge certification to bring our Cyber Security Division’s engineering experts to a common level of understanding of best practices and benefits of cloud computing. When training clients in corporate and public segments on information security standards, we highlight the importance of CSA’s CCSK certification for IT professionals who need to ensure adoption of a secure cloud environment in their organizations.”
~ Joel Conus, VP Cyber Security Operations, Kudelski Security
“The CSA Certificate of Cloud Security Knowledge (CCSK) will provide a consistent way of developing cloud security competency and provide both organizations and agencies the confidence they need to adopt secure cloud solutions.”
~ Melvin Greer, Chief Strategist, Cloud Computing, Lockheed Martin
“The CSA, in providing a set of goals through the CCSK, is challenging security practitioners to become the cloud thought-leaders we need today and tomorrow to ensure safe and secure cloud environments. In developing the CCSK, CSA is 'setting the bar' for security professionals and providing business executives a means to gauge the opinions and rhetoric associated with security in the cloud.”
~ Jerry Archer, CSO, Sallie Mae
“The Certificate of Cloud Security Knowledge provides individuals with a solid foundation in cloud security issues and best practices. Organizations that leverage this training will be better positioned to get the most out of their investments in cloud computing. In addition, the certification can be a large help with recruitment efforts as organizations can easily qualify the experience of an individual in cloud security if they have earned the CCSK certificate.”
~ Gary Phillips, senior director, technology assurance and standards research, Symantec Corp
"As the concept of cloud computing continues to evolve, it's important that professionals responsible for managing and maintaining cloud environments keep current with the latest information. The Cloud Security Alliance continues to expand and capture more aspects of cloud computing with new areas of focus and guidance while expanding and adapting existing guidance to the changing landscape. Continued updates to the CCSK certification are an important part of the rapidly evolving nature of cloud computing and a great measure of individuals' commitments to understanding this evolving landscape."
~ David Lingenfelter, Information Security Officer, MaaS360 by Fiberlink
“With CCSK certification, professionals who have Cloud Computing responsibilities can demonstrate thorough Cloud security knowledge based on the CSA’s catalogue of security best practices.”
~ Patrick Harding, CTO, Ping Identity
"Despite the clear agility and cost saving benefits, there are factors which are holding back Cloud usage. These include a deficit of trust and reliability. Enterprises simply do not trust third-parties to protect their sensitive data and connections to Cloud services may be subject to delays and outages. With the new CCSK certification program, the CSA is continuing to provide the industry's most comprehensive, prescriptive guidelines for baking trust and reliability-oriented security best-practices into new cloud initiatives."
~ Mark O'Neill, CTO, Vordel
"As enterprises move toward cloud computing, they are desperately seeking guidance and education in this new domain. CSA is bridging this gap and the CCSK provides an important first step in establishing baseline knowledge for individuals tasked with building and managing applications to the cloud."
~ Michael Sutton, VP, Security Research, Zscaler
"CCSK is a much needed next step in the evolution of secure cloud computing because its guidelines are focused on tangible steps that can be taken to assure organizations to take advantage of the benefits of cloud computing in a secure and compliant manner."
~ Dipto Chakravarty, general manager of Cloud Security Services and vice president of engineering for Identity & Security, Novell
CCSK Guidance V3
Sample questions from the V3 examination, listed by domain:
What are the five essential characteristics of cloud computing?
Governance and Enterprise Risk
The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?
Legal and Electronic Discovery
In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?
Compliance and Audit
What is the most important reason for knowing where the cloud service provider will host the data?
Information Lifecycle Management
What are the six phases of the data security lifecycle?
Portability and Interoperability
Why is the size of data sets a consideration in portability between cloud service providers?
Traditional Security, BCM, D/R
What are the four D's of perimeter security?
Data Center Operations
In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?
What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?
How should an SDLC be modified to address application security in a Cloud Computing environment?
Encryption and Key Management
What is the most significant reason that customers are advised to maintain in-house key management?
Identity and Access Management
What two types of information will cause additional regulatory issues for all organizations if held as an aspect of an Identity?
Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
Economic Denial of Service (EDOS) refers to...