The CCSK examination is a hour-long online test and consists of 50 multiple choice questions. 70% of the questions are based on the Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, 20% are on the European Network and Information Security Agency's (ENISA) whitepaper "Cloud Computing: Benefits, Risks and Recommendations for Information Security", with the remaining 10% relating to the best practices detailed in both documents. The pass mark is 80%.
Can you have total confidence that the cloud services you use are secure and robust because they've been designed and implemented by people with CCSK? Of course not. All it proves is that an individual has successfully completed an examination covering the key concepts of the CSA and ENISA guidance. It confirms someone has the knowledge, but not necessarily the practical experience of using that knowledge. What it does show is a commitment to security and that certainly allows for more confidence. Anyone with CCSK should have an understanding of cloud security issues and best practices, so hopefully basic security controls will be in place and correctly implemented.
Moving to the cloud is a significant risk management decision for any organization. Security is certainly the most significant issue holding back the adoption of cloud computing for confidential information or critical business processes. The industry certainly needs professionals who can implement cloud computing with the appropriate security controls, and training and certification are a necessary part of that process. Any certificate can give a false sense of security, but this certification, while certainly helping public relations, will help organizations when they look to recruit staff, as it will show the level of knowledge of the security threats and best practices in cloud security. The security model for cloud computing is unproven, and, because it's new, there is a lack of guidance and education. The Cloud Security Alliance is doing a god job of changing that; if you're interested in learning more about the CCSK, visit www.cloudsecurityalliance.org.
Dig Deeper on Secure SaaS: Cloud application security
Related Q&A from Michael Cobb
Apple's Quick Look feature previews thumbnails that are not encrypted. Learn how this poses a security threat to enterprises from expert Michael Cobb. Continue Reading
Hackers can imitate the design and domain name of popular sites like Netflix to steal credentials. Expert Michael Cobb explains how these Netflix ... Continue Reading
Hackers use legitimate admin tools to exfiltrate data in living off the land attacks that are hard to detect. Learn about this cyberattack tactic ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.