“(ISC)2 and CSA have each recognized that the global economy’s reliance on cloud services has advanced extremely quickly”, explains Jim Reavis, co-founder and executive director of the Cloud Security Alliance. “Businesses are moving vast amounts of data into the cloud, and consumers are gobbling up new, usually mobile services that emerge on a daily basis. It is incumbent upon us to make our collective experience as accessible as possible, and the further development of professional-level recognition is key to achieving this.”
(ISC)2 is the world’s largest not-for-profit information security professional body, and administrates the CISSP professional security qualification. In the 2013 Global Information Security Workforce Study (GISWS) published earlier this year, 60% of the 12,000 respondents (gathered from (ISC)2’s 90,000 members and the general security community) confirmed cloud computing as the number one need for training. ‘How security applies to cloud’ and ‘an enhanced understanding of cloud security guidelines and reference architectures’ were noted as the top two skills required for dealing with cloud computing (89% and 78% respectively). With such a demand, it was only natural that (ISC)2 should form an alliance with the world’s existing cloud security experts – the Cloud Security Alliance (CSA) to provide a solution. The Cloud Security Alliance, “led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders,” was formed to promote the use of best practices for providing security assurance within Cloud Computing.
The issue at stake is well illustrated in Europe. The European Union is strongly advocating greater use of cloud computing while at the same time pushing for new and enhanced data protection policies. How the two can co-exist has become a hot topic for debate, and clearly requires a deep understanding of cloud technology, security risks, and compliance requirements. But the basic decision to adopt the cloud is usually a business decision based on business arguments, and one that is imposed on IT and Security as a fait accompli.
Understandably, comments John Colley, managing director EMEA for (ISC)2, “The Information security community remains concerned about the proliferation of cloud computing because it is making its way into the mainstream without the associated risks being well understood. Establishing professional norms will ensure the required knowledge and decision-making skills are proliferated.”
The alliance between the CSA and (ISC)2 will combine the existing body of expertise held by the CSA with (ISC)2’s methodology for the development and maintenance of professional security credentials. “There is a strong need to provide a body of knowledge that encompasses the evolving technology and risk landscape and that validates the skills of the professionals tasked with protecting those businesses,” concludes W. Hord Tipton, executive director for (ISC)2. “Our combined effort ensures the world’s knowledge leaders are put to the task.”
The new credential and first examinations are expected to be available in 2014.