Cloud computing is the new style of organising IT (information technology). It brings great benefits, as well as new security and governance risks. The Certificate of Cloud Security Knowledge (CCSK) addresses these risks.
The Cloud Security Alliance (CSA) has developed a widely adopted catalog of security best practices, the “Security Guidance for Critical Areas of Focus in Cloud Computing, V4.0“. This document was last updated significantly in 2017, even though it was first published in 2009. In addition, the European Network and Information Security Agency (ENISA) created a whitepaper called “Cloud Computing: Benefits, Risks and Recommendations for Information Security“. This is also an important contribution to the cloud security body of knowledge.
Together these documents are a broad foundation of knowledge about cloud security. Their topics range from architecture, governance, compliance, operations, encryption, virtualization and much more.
CCSK facilitates a common understanding of cloud security concepts. This increases the quality of risk decisions taken. It is also developed and maintained by the Cloud Security Alliance (CSA).
The CCSK certification is an individual certification that can be earned after an online exam.
Passing the exam is evidence that an individual is knowledgeable about cloud security. In particular this means understanding of the key concepts of the CSA guidance and ENISA whitepaper, and the CSA Cloud Controls Matrix.
Value of CCSK
Thousands of IT and security professionals have obtained the certificate. It is therefore no surprise that CIO.com listed CCSK as #1 on the list of Top Ten Cloud Computing Certifications.
When a team goes through CCSK training together, their collaboration improves. They are on the same page, and they can bridge their diversity. As a result, good ideas get accepted quicker, and bad ideas get killed more swiftly.
CCSK is also the basis for many consumer/vendor discussions around risk and assurance, and starts to become required in many segments. CCSK is also the basis for the CCM (Cloud Controls Matrix) and the STAR (Security Trust Assurance Registry).