A personal take on current cloud computing security certification.

If you have been working in the Information Security field, already hold certifications such as CISSP and CISM, and now want to understand the security challenges associated with Cloud Computing, which certification should you pursue? The Cloud Computing Security Knowledge (CCSK) from the Cloud Security Alliance is arguably the leading market contender.

Why choose CCSK?

CCSK is not the only course focusing on Cloud Computing security. None of the others, like CompTIA, CloudU and the numerous vendor-specific courses, share the scale of support from the global Cloud Computing industry. The course content and design is the product of input from numerous industry experts from organisations and corporations that are shaping the developing global Cloud Computing environment. Although still in its early days, CCSK has arguably established a clear lead in international recognition.

Best Approach?

Completing the CCSK test is not easy. Writing in the summer of 2011, Jim Reavis, executive director of the Cloud Security Alliance, reported that Cloud Security Certification Not So Simple and shared a surprising statistic that only 53% had passed.

How easy or difficult the candidate finds the test depends on the unique circumstances of the candidate. If Cloud Computing security is your thing and you are looking for an industry-recognised and respected qualification, CCSK could be for you. It is not for absolute beginners. If you have a few years of InfoSec experience and are able to self-study, here are some steps in sequence which should help.

1. Use social media (Twitter, Facebook, LinkedIn groups, blogs and podcasts) to keep abreast of Cloud Security Issues.
2. Consciously interact with the cloud. Make regular use of one or more of the following: SkyDrive, iCloud, Dropbox, Google Apps or any of the growing list of similar applications.
3. Set up free accounts on e.g. Amazon Web Services and use its Simple Storage Service (S3) and Elastic Cloud Computing (EC2).  If, like me, you are a fan of open source, try CloudStack instead of Amazon.
4. A high-quality and free cloud security course has been developed by Ben Kepes, an internationally recognised commentator on Cloud Computing (who also happens to be a farmer from the South Island in New Zealand) called CloudU.  Although CloudU is made available under Rackspace’s auspices, it is a vendor-neutral Cloud Computing course focused on security. To attain the certificate, you have a series of ten lessons/white papers, each followed by a quiz with ten questions, followed by a final quiz with fifty questions randomly chosen from all of the ten lessons.  The pass mark is 80% in every case; if you are not successful, simply try again.
5. Preparation for the CCSK course depends heavily on your experience, so there is no single approach.  Familiarity with the contents of the two key documents and some of the others listed above is crucial. Depending on your personal history you will find the content of some domains so obvious that you will choose to skip them.

Download the full paper in pdf here.