Like the Blob, the titular alien visitor from the 1958 creature feature classic with Steve McQueen, the Cloud continues to grow in a relentless, but cool fashion. Instead of engulfing and dissolving organic matter, however, the cloud is ballooning in size as more and more businesses rely on cloud technology to streamline data and deliver services. According to RightScale's fourth annual State of the Cloud Survey, 82 percent of enterprises reported using a multi-cloud strategy in 2014 — an increase of eight percent over the previous year.
Like bacon, the cloud is making everything better. But just like with bacon, some still aren't 100 percent convinced. According to the same study, most enterprises are running less than 20 percent of their workloads in the cloud, and 55 percent of respondents said that "at least another 20 percent of applications are built on cloud-friendly architectures and are ready for the cloud." There is obviously room for continued amorphous swelling.
Uncertainty seems to be one of the hurdles holding companies back from more complete cloud integration. This uncertainty is acute on the part of enterprises and hiring managers, who are appropriately concerned with issues of access, privacy, legal compliance and, of course, the ubiquitous concerns about security. Many hiring officials are not even sure what to ask for when hiring people responsible for cloud security.
This is where (ISC)² comes in with its Certified Cloud Security Professional (CCSP) certification. Designed to help hiring managers and other executives navigate their way through cloud security issues, CCSP validates that professionals meet the highest standards for cloud security expertise and knowledge to utilize best practices.
The need to secure the cloud has never been greater. "This is an area that you don't want to learn from the school of hard knocks," said David Shearer, (ISC)²'s chief executive officer. "Cloud computing has emerged as a critical topic area within IT that requires further security considerations," Shearer said. "(ISC)² and the Cloud Security Alliance (CSA) teamed up in an effort to address the need to establish a common global understanding of professional knowledge and best practices in design, implementation, management and service orchestration of cloud computing systems."
Unlike existing cloud security credentials (there are a few), CCSP is vendor-neutral and designed to reflect overall best practices. In a more comprehensive way than could be managed with just a vendor-specific deep-dive, CCSP professionals are trained to speak a common language for dealing with the cloud. This consistent approach to cloud services and management enables CCSPs to provide a "holistic view of cloud disciplines, a common lexicon and understanding, and clear direction for their entire enterprises," said Shearer.
Cloud computing is expanding and evolving in wonderful ways. Today's common features and apps can change overnight, and security professionals need to stay abreast of current and future cloud advances. CCSP is an advanced professional credential that offers more than just the basic knowledge needed to pass an exam.
CCSP is much more comprehensive than the norm, offering exam and testing standards that meet ANSI requirements along with a legal commitment to a code of ethics, appropriate endorsements from certified professionals, and a strong commitment to continuing professional education. As Shearer sees it, these aspects "demonstrate that CCSPs are qualified and committed to tackling cloud security challenges of today and tomorrow."
Cloud adoption doesn't mean that an enterprise can dump its in-house security pros and let the cloud provider handle everything. They will still need certified security professionals onsite to address ongoing security responsibilities and cloud provider oversight functions. Utilization of the cloud is a shared-risk business relationship between acquirers and providers. As with any shared-risk relationship, customers and providers are going to need to work together. The only way to successfully address this shared-risk model is to "establish a very collaborative arrangement between the acquirer of cloud solutions and the provider," said Shearer.
The need for onsite cloud security certified professionals is acute because collaboration means more than a vague promise to work together. It involves numerous challenges in codifying what constitutes an event, notification and remediation efforts, the nuances of backing up and expunging data, and seemingly endless intellectual property issues. CCSPs are trained and certified in handling these and a multitude of other cloud-related concerns to enable their enterprises to maintain governance and control of their data in the cloud.
CCSP was launched earlier this year in April and thus far appears to be doing well. Although (ISC)² doesn't release the numbers of IT professionals who have taken the certification course and exam, the response from participants has been very positive as to the applicability of the course subject matter for addressing the risks and opportunities of cloud-based solutions. One participant, Sven Olensky, Enterprise Information Security Architect, Newell Rubbermaid, said, "The knowledge taught as part of the CCSP exam preparation provides the necessary fundamentals to enable a student to become proficient in this field."
As more enterprises utilize cloud services, the demand for certified security professionals will continue rising. A 2015 Burning Glass research report revealed that there are more than 238,000 postings for cybersecurity-related jobs in the United States. These jobs account for 11 percent of all IT jobs, and command a nine percent salary premium over other IT jobs. Clearly, a CCSP offers some great opportunities for career advancement.
Earning a CCSP isn't easy. Applicants are required to have five years of cumulative, paid, full-time information technology experience, three years of which must be in information security, and one year working in one of six CBK domains:
- Architectural Concepts & Design Requirements
- Cloud Data Security
- Cloud Platform and Infrastructure Security
- Cloud Application Security
- Legal and Compliance
(ISC)² currently offers CCSP courses in three convenient formats: instructor-led classrooms; live online instructor-led instruction; and on-demand with high-quality pre-recorded materials. The good news, incidentally, is that earning a Certified Information Systems Security Professional (CISSP) certification can be substituted for the entire CCSP experience requirement. CCSP is also a natural step for holders of the CSA's Certificate of Cloud Security Knowledge (CCSK).
The growing adoption of cloud services will increase the demand for security professionals able to apply the proper controls to public, private, community and hybrid cloud models. Hiring CCSP certified professionals is a great way for businesses to address the ever-increasing security complexities faced by enterprises as they continue to leverage cloud-based infrastructure, software and services more frequently.
Industry experts predict a deficit of 1.5 million cybersecurity professionals by 2020. The challenges of cloud security will only become more pressing. An enterprise's failure to secure data in the cloud can have disastrous consequences. CCSP professionals give employers a confident measure of understanding cloud utilization and, more importantly, the knowledge and ability to secure their crucial data.