Cloud computing is the new style of organising IT (information technology). It brings great benefits, as well as new security and governance risks. The Certificate of Cloud Security Knowledge (CCSK) addresses these risks.


The Cloud Security Alliance (CSA) has developed a widely adopted catalog of security best practices, the “Security Guidance for Critical Areas of Focus in Cloud Computing, V4.0“. This document was last updated significantly in 2017, even though it was first published in 2009. In addition, the European Network and Information Security Agency (ENISA) created a whitepaper called “Cloud Computing: Benefits, Risks and Recommendations for Information Security“. This is also an important contribution to the cloud security body of knowledge.

Together these documents are a broad foundation of knowledge about cloud security. Their topics range from architecture, governance, compliance, operations, encryption, virtualization and much more.

CCSK facilitates a common understanding of cloud security concepts. This increases the quality of risk decisions taken. It is also developed and maintained by the Cloud Security Alliance (CSA).

The Certificate

The CCSK certification is an individual certification that can be earned after an online exam.

Passing the exam is evidence that an individual is knowledgeable about cloud security. In particular this means understanding of the key concepts of the CSA guidance and ENISA whitepaper, and the CSA Cloud Controls Matrix.

Value of CCSK

Thousands of IT and security professionals have obtained the certificate. It is therefore no surprise that listed CCSK as #1 on the list of Top Ten Cloud Computing Certifications.

When a team goes through CCSK training together, their collaboration improves. They are on the same page, and they can bridge their diversity. As a result, good ideas get accepted quicker, and bad ideas get killed more swiftly.

CCSK is also the basis for many consumer/vendor discussions around risk and assurance, and starts to become required in many segments. CCSK is also the basis for the CCM (Cloud Controls Matrix) and the STAR (Security Trust Assurance Registry).

CCSK is often contrasted with CCSP (Certified Cloud Security Professional), read my comparison here.


It proves to be efficient to take a course on CCSK, classroom or online. But maybe you want to get started on my free CCSK mini course first.

Our training calendar can be found here, and if you want to stay up to date on new events, sign up for the cloud security 101 paper here (no obligation).

ISC2 Official Training Provider
Cloud Security Alliance - Certified Partner

Geef een reactie