The CCSK examination is a hour-long online test and consists of 50 multiple choice questions. 70% of the questions...
are based on the Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, 20% are on the European Network and Information Security Agency's (ENISA) whitepaper "Cloud Computing: Benefits, Risks and Recommendations for Information Security", with the remaining 10% relating to the best practices detailed in both documents. The pass mark is 80%.
Can you have total confidence that the cloud services you use are secure and robust because they've been designed and implemented by people with CCSK? Of course not. All it proves is that an individual has successfully completed an examination covering the key concepts of the CSA and ENISA guidance. It confirms someone has the knowledge, but not necessarily the practical experience of using that knowledge. What it does show is a commitment to security and that certainly allows for more confidence. Anyone with CCSK should have an understanding of cloud security issues and best practices, so hopefully basic security controls will be in place and correctly implemented.
Moving to the cloud is a significant risk management decision for any organization. Security is certainly the most significant issue holding back the adoption of cloud computing for confidential information or critical business processes. The industry certainly needs professionals who can implement cloud computing with the appropriate security controls, and training and certification are a necessary part of that process. Any certificate can give a false sense of security, but this certification, while certainly helping public relations, will help organizations when they look to recruit staff, as it will show the level of knowledge of the security threats and best practices in cloud security. The security model for cloud computing is unproven, and, because it's new, there is a lack of guidance and education. The Cloud Security Alliance is doing a god job of changing that; if you're interested in learning more about the CCSK, visit www.cloudsecurityalliance.org.
Dig Deeper on Secure SaaS: Cloud application security
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.