Beginning Sept. 1, the non-profit CSA will begin offering its Certificate of Cloud Security Knowledge (CCSK) designed to assess IT professionals’ knowledge and competency over a broad range of cloud computing security threats and best practices. CCSK assessment will be conducted online via the CSA website, and is available to both cloud computing consumers and providers.
The term ‘cloud computing’ has been thrown about rather endlessly in recent years, often without precise definition. For that reason, Jim Reavis, executive director and co-founder of the CSA, briefly characterized the concept in terms of how the CSA views it.
Cloud computing can be identified, for the most part, according to the NIST definition Reavis said. It is defined, physically speaking, by its elasticity of service, its metered or measured nature, and the fact that it’s a sharing of computing assets.
“We also add the multi-tendency [of cloud]. You have potential customers with different agendas, maybe even competitors, that are, in essence, sharing the same physical infrastructure.”
What the CCSK ensures, added Reavis, is that IT practitioners are tested on a basic level of competency regarding cloud computing security issues and best practices, and how these may differ from the traditional outsourcing model.
He briefly outlined the CCSK as covering a broad base of questions as they relate to cloud computing, including definition of terminology, legal issues, contractual issues, risk management, supply chain issues, identity management, virtualization hardening, encryption, and access control.
Reavis told Infosecurity that the CCSK is not a user accreditation or validation of other educational experience, but rather an online offering designed to test IT practitioners’ mastery of cloud computing security issues.
“Certifications are not intended to be a silver bullet”, he admitted. “But the intention behind it is to raise the bar of knowledge, raise the baseline of awareness of security issues, and mitigating controls and best practices in cloud.”
The CSA executive director said the CCSK is available online, for all interested parties worldwide, beginning Sept. 1. Although there is no educational component to the CCSK as yet, Reavis revealed that the CSA is talking with several potential partners about training offerings, which he hopes will be announced soon.
A certification in cloud computing security competency was the logical next step according to Reavis, and a necessary component of ensuring responsible adoption of cloud services. What the CCSK provides, he concluded, is an “objective way to measure if people are taking the right steps”.