A personal take on current cloud computing security certification.

If you have been working in the Information Security field and already hold the certification such as CISSP and CISM and now want to understand the security challenges associated with Cloud Computing which certification should you go for? The Cloud Computing Security Knowledge (CCSK) from the Cloud Security Alliance is arguably the leading market contender.

Why choose CCSK?

CCSK is not the only course focusing on Cloud Computing security. None of the others like CompTIA, CloudU and the numerous vendor specific courses share the scale of support from the global Cloud Computing industry. The course content and design is the product of input from numerous industry experts from organisations and corporations that are shaping the developing global Cloud Computing environment. Although still in its early days, CCSK has arguably established a clear lead in international recognition.

Best Approach?

Completing the CCSK test is not easy. Writing in the summer of 2011, Jim Reavis, executive director of the Cloud Security Alliance reported that Cloud Security Certification Not So Simple and shared a surprising statistics that only 53% had passed.

How easy or difficult the candidate finds the test depends on the unique circumstances of the candidate. If Cloud Computing security is your thing and are looking for an industry recognised and respected qualification, CCSK could be for you. It is not for absolute beginners. If you have a few years of InfoSec experience and are able to self study, here are some steps in sequences which should help.

1. Use the social media (Twitter, Facebook, LinkedIn groups, blogs and podcasts) to keep abreast of Cloud Security Issues.
2. Consciously interact with the cloud. Make regular use of one or more of the following:  Skydrive, Icloud, Dropbox, Google Apps or any of the growing list of similar applications.
3. Setup free accounts on e.g. Amazon Web Services  and use its Simply Storage Service (S3) and Elastic Cloud Computing (EC2).  If like me you are a fan of open source try cloudstack instead of Amazon.
4. A high quality and free cloud security course has been developed by a Ben Kepes, an internationally recognised commentator on Cloud Computing (who also happens to be a farmer from South Island in New Zealand) called CloudU.  Although CloudU is made available under the auspices of Rackspace, it is a vendor neutral Cloud Computing course focusing on security. To attain the certificate you have series of ten lessons/white papers, each followed by a quiz with ten questions followed by a final quiz with fifty questions randomly chosen from all of the ten lessons.  The pass mark is 80% in every case and should you not be successful – simply try again.
5. Preparation for the CCSK course depends so much on your experience, so there can be no single approach.  Familiarity with the contents of the two key documents and some of the others listed above is crucial. Depending on your personal history you will find the content of some domains so obvious that you will choose to skip them.

Download the full paper in pdf here.