Many professionals seeking a career in cloud security turn to certifications to advance their learning and prove their knowledge to potential employers. The number of cloud security certifications has increased in recent years, however, making it difficult for students and practitioners to decide which to pursue.
Are you trying to parse the differences and figure out which certifications will most advance your knowledge and career? Get the lowdown on the best cloud security certifications here.
The importance of certifications
Although the value of security certification programs is hotly debated, they remain one of the top ways employers screen job candidates and assess an interviewee’s baseline knowledge. And the fact is that most certifications deliver more significant benefits to professionals than traditional self-study options.
A certification, for instance, covers broader topics than those of interest to the student, which requires learning more than just the minimum around a specific topic. Skipping a few dull but important chapters isn’t a wise decision if an expensive exam is coming up.
Certification exams also force students to study the material, not just skim it. Exam dates provide a deadline to finish the material. Certificates also show employers that future employees have put significant time and money into obtaining the certificates and their associated skills.
The infosec industry has been around for decades and has some of the best-known certifications. ISC2’s CISSP, for instance, was released in 1994, and ISACA’s Certified Information Systems Auditor (CISA) certification dates back to 1978.
These older, well-established certification providers have added cloud components to their material, but the depth of those add-ons can be limited — sometimes, just a few pages in a book. Considering the importance of cloud technologies and the persistent threat of cloud-specific attacks, more focus is required.
Let’s look at some certification providers that have introduced dedicated, in-depth cloud security certifications, as well as what cloud security pros can expect when pursuing them.
1. ISC2 Certified Cloud Security Professional (CCSP)
The most well-known and established cloud security certification is ISC2’s CCSP. Although ISC2’s CISSP now contains more cloud material than in years past, the nonprofit’s specialized CCSP program takes it to the next level and covers a broad range of cloud-related topics, from cloud application security to cloud platform security.
Students should expect to invest quite a bit of time to pass this exam and to use self-led or instructor-led training to prepare for this certification.
Candidates must have a minimum of five years of paid work experience in IT before becoming certified. Three years must be in infosec, and one year must be in one or more of the six domains included in the CCSP Common Body of Knowledge (CBK):
- Cloud Concepts, Architecture and Design (17% of exam).
- Cloud Data Security (20%).
- Cloud Platform & Infrastructure Security (17%).
- Cloud Application Security (17%).
- Cloud Security Operations (16%).
- Legal, Risk and Compliance (13%).
The Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK) can be substituted for one year of experience in one or more of the CCSP domains. Holding the CISSP satisfies all of the experience prerequisites.
2. CSA Certificate of Cloud Security Knowledge (CCSK)
CSA’s CCSK is a lighter alternative to CCSP certification. Launched in 2010, this certificate is dedicated to cloud security. Like CCSP, CCSK goes into technical details.
CCSP and CCSK have a few major differences. For example, the CBK is not as broad for CCSK as it is for CCSP. The study material for CCSK — sourced from “CSA Security Guidance v.4,” CSA Cloud Controls Matrix and the “European Union Agency for Cybersecurity’s Cloud Computing Risk Assessment” report — is available on the internet for free, so no books or training courses are required. The CCSK certification also has no prerequisites or experience requirements. In addition, the CCSK exam is available online and is open book.
CCSK is a good alternative cloud security certification for an entry-level to midrange security professional with an interest in cloud data security but no justification to spend the time and money required for the CCSP certification.
CCSK covers 16 domains, including Cloud Computing Concepts and Architecture, Data Security and Encryption, and Security as a Service.
3. ISACA and CSA Certificate of Cloud Auditing Knowledge (CCAK)
In March 2021, ISACA and CSA jointly released CCAK, which builds on and complements CCSK content. It also complements ISACA’s CISA and Certified Information Security Manager certifications. Applicants are advised to achieve their CCSK prior to taking CCAK, though it is not a prerequisite.
Assessors and auditors, compliance managers, vendor and partner program managers, security and privacy consultants, security analysts and architects could benefit from the training, which covers the following domains:
- Cloud Governance.
- Cloud Compliance Program.
- CCM and CAIQ: Goals, Objectives and Structure.
- A Threat Analysis Methodology for Cloud Using CCM.
- Evaluating a Cloud Compliance Program.
- Cloud Auditing.
- CCM: Auditing Controls.
- Continuous Assurance and Compliance.
- STAR Program.
Candidates can choose self-study or attend CCSK training. Training options include online self-paced, online instructor-led and in person.
4. GIAC Cloud Security Automation (GCSA)
Launched in April 2020, GIAC’s GCSA certification is specifically designed for developers, analysts and engineers working to secure cloud and DevOps environments. It encompasses topics such as automation of configuration management, continuous integration/continuous delivery, and continuous monitoring, as well as how to use open source tools, the AWS toolchain and Azure services.
The GIAC certification is based on SANS Institute’s in-person or online “SEC540: Cloud Security and DevSecOps Automation” course. This five-day course, which includes hands-on labs, covers topics in the following five sections:
- DevOps Security Automation.
- Cloud Infrastructure Security.
- Cloud Native Security Operations.
- Microservice and Serverless Security.
- Continuous Compliance and Protection.
The exam can be purchased by itself or at a discounted rate when bought in conjunction with the SANS training. Purchasing a certification attempt comes with two practice tests, which are in the same format as the exam.
5. GIAC Cloud Security Essentials (GCLD)
Released in April 2021, GIAC’s GCLD covers how to evaluate cloud service providers and how to plan, deploy and secure single and multi-cloud environments, as well as topics such as cloud auditing, security assessments and incident response.
Specialized for security engineers, analysts, managers and auditors, GCLD aims to help candidates prove their knowledge about how to prevent, detect and react to cloud workload security events.
GCLD certification is based on “SEC488: Cloud Security Essentials,” a six-day course with hands-on training that teaches the following:
- Identity and Access Management (IAM).
- Compute and Configuration Management.
- Data Protection and Automation.
- Networking and Logging.
- Compliance, Incident Response and Penetration Testing.
- CloudWars.
The SANS training, offered online and in person, has no prerequisites, but a basic understanding of networking, security, Linux and the cloud is beneficial.
GIAC also offers specialized certifications that could apply depending on the candidate’s career path. These include the following:
6. Mile2 Certified Cloud Security Officer (C)CSO)
The C)CSO certification from Mile2 consists of a five-day program that includes instructor-led sessions, self-study time and live virtual trainings. It is composed of 15 modules:
- Introduction to Cloud Computing and Architecture.
- Cloud Security Risks.
- ERM and Governance.
- Legal Issues.
- Virtualization.
- Data Security.
- Data Center Operations.
- Interoperability and Portability.
- Traditional Security.
- BCM and DR.
- Incident Response.
- Application Security.
- Encryption and Key Management.
- Identity, Entitlement and Access Management.
- Auditing and Compliance.
It also consists of 23 labs, including PaaS in Azure and Encryption/Key Management in SaaS.
Part of Mile2’s Cloud Security and Virtualization career path, this advanced certification is ideal for professionals seeking careers in virtualization, cloud administration, auditing and compliance.
General knowledge of cloud architectures and one year of experience in both virtualization and infosec are recommended.
7. Arcitura Certified Cloud Security Specialist
Arcitura’s Certified Cloud Security Specialist certification focuses on the security threats associated with cloud platforms, cloud services and other cloud technologies, including virtualization. Geared toward IT and security professionals, as well as cloud architects, the Certified Cloud Security Specialist certification is composed of the following three modules:
- Fundamental Cloud Security contains training on cloud security mechanisms and threats, cloud auditing and cloud IAM.
- Advanced Cloud Security offers training on attack lifecycles, threat modeling and VM protection.
- Cloud Security Lab includes exercises on IAM in the cloud, public key infrastructure in the cloud, and cloud encryption and key management.
The 30-hour training course culminates with the Cloud Security Specialist exam and certification. A general background in IT is recommended.
8. and 9. CompTIA Cloud Essentials+ and Cloud+
CompTIA offers two certifications that, while not security-specific, cover cloud security topics. Cloud Essentials+ is geared toward cloud business decision-making, while Cloud+ is more about technical cloud implementation.
The entry-level Cloud Essentials+ certification covers cloud security concerns and measures, as well as risk assessment, cloud security policies and compliance. Six months to one year of IT business analyst experience, along with some cloud technology experience, is recommended. The more in-depth Cloud+ certification covers security configurations, access control, key and certificate management, and segmentation and microsegmentation. Two to three years of system administration or networking experience are recommended, in addition to CompTIA Network+ and Server+ certifications.
10. Vendor-specific cloud security certifications
Because many enterprises work with specific vendors and technologies, it could be fruitful for their security team members to hold certifications in those areas. Some cloud platform providers offer practical product training, including the following:
Sharon Shea is executive editor of TechTarget Security.