The CCSK examination is a hour-long online test and consists of 50 multiple choice questions. 70% of the questions...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
are based on the Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, 20% are on the European Network and Information Security Agency's (ENISA) whitepaper "Cloud Computing: Benefits, Risks and Recommendations for Information Security", with the remaining 10% relating to the best practices detailed in both documents. The pass mark is 80%.
Can you have total confidence that the cloud services you use are secure and robust because they've been designed and implemented by people with CCSK? Of course not. All it proves is that an individual has successfully completed an examination covering the key concepts of the CSA and ENISA guidance. It confirms someone has the knowledge, but not necessarily the practical experience of using that knowledge. What it does show is a commitment to security and that certainly allows for more confidence. Anyone with CCSK should have an understanding of cloud security issues and best practices, so hopefully basic security controls will be in place and correctly implemented.
Moving to the cloud is a significant risk management decision for any organization. Security is certainly the most significant issue holding back the adoption of cloud computing for confidential information or critical business processes. The industry certainly needs professionals who can implement cloud computing with the appropriate security controls, and training and certification are a necessary part of that process. Any certificate can give a false sense of security, but this certification, while certainly helping public relations, will help organizations when they look to recruit staff, as it will show the level of knowledge of the security threats and best practices in cloud security. The security model for cloud computing is unproven, and, because it's new, there is a lack of guidance and education. The Cloud Security Alliance is doing a god job of changing that; if you're interested in learning more about the CCSK, visit www.cloudsecurityalliance.org.
Dig Deeper on Secure SaaS: Cloud application security
Related Q&A from Michael Cobb
A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well...continue reading
Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains ...continue reading
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.