The CCSK examination is a hour-long online test and consists of 50 multiple choice questions. 70% of the questions...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
are based on the Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, 20% are on the European Network and Information Security Agency's (ENISA) whitepaper "Cloud Computing: Benefits, Risks and Recommendations for Information Security", with the remaining 10% relating to the best practices detailed in both documents. The pass mark is 80%.
Can you have total confidence that the cloud services you use are secure and robust because they've been designed and implemented by people with CCSK? Of course not. All it proves is that an individual has successfully completed an examination covering the key concepts of the CSA and ENISA guidance. It confirms someone has the knowledge, but not necessarily the practical experience of using that knowledge. What it does show is a commitment to security and that certainly allows for more confidence. Anyone with CCSK should have an understanding of cloud security issues and best practices, so hopefully basic security controls will be in place and correctly implemented.
Moving to the cloud is a significant risk management decision for any organization. Security is certainly the most significant issue holding back the adoption of cloud computing for confidential information or critical business processes. The industry certainly needs professionals who can implement cloud computing with the appropriate security controls, and training and certification are a necessary part of that process. Any certificate can give a false sense of security, but this certification, while certainly helping public relations, will help organizations when they look to recruit staff, as it will show the level of knowledge of the security threats and best practices in cloud security. The security model for cloud computing is unproven, and, because it's new, there is a lack of guidance and education. The Cloud Security Alliance is doing a god job of changing that; if you're interested in learning more about the CCSK, visit www.cloudsecurityalliance.org.
Dig Deeper on Secure SaaS: Cloud services and systems
Related Q&A from Michael Cobb
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held ...continue reading
A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks ...continue reading
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.