
CLOUD SECURITY CERTIFICATIONS: HOW IMPORTANT ARE THEY?

More and more certifications are being created around cloud security. An expert looks at some of the more prominent certifications and examines their value.

Sean Martin

The cloud, virtualization and a variety of “as a service” functions have become core elements of most business infrastructures -- with capabilities ranging from baseline email and content management to specialized services, such as business intelligence and disaster recovery. Even with concerns over security remaining top-of-mind for most organizations, the use of public, private and hybrid clouds has skyrocketed.

While the security concerns haven’t disappeared, they have become better understood, and the risks have garnered some level of mitigation. One driver behind this could be the increase in awareness, communication, training and certifications revolving around the cloud and its security requirements.

If you are a CSO working for a company that leverages cloud technologies to run its business, what should you look for in a candidate to add to your staff? Should they be certified in cloud technologies, security, cloud security or some combination therein? What about certification for a management role versus certification for a hands-on architecture/technical implementation role? To begin to answer these questions, let’s first look at the different types of certifications that are available, as well as the pros and cons.

VENDOR-NEUTRAL CLOUD SECURITY CERTIFICATIONS

For independent, vendor-neutral cloud security certifications, the pros include a focus on securing the cloud regardless of the underpinning technology. These certifications also develop a security mindset that can be applied to a variety of cloud-enabled environments. However, the major disadvantage is that these certifications do not go deep enough to cover every aspect of functionality for every major cloud vendor and cloud technology, thereby forcing certificate holders to learn about these intricacies separately. A few examples of this kind of certification include the Cloud Credential Council’s Professional Cloud Security Manager (PCS) and the Cloud School’s Certified Cloud Security Specialist.

VENDOR CLOUD SECURITY CERTIFICATIONS

For cloud security certifications created by vendors, the advantage is that they cover the intricate details of the vendor’s technologies and how security should be applied to the vendor’s virtualized and cloud environment at a high level.

The drawback is that the certifications don’t cover other elements connected to each vendor’s cloud technologies and are usually solely focused on that specific vendor. A good example of this kind of certification is IBM’s Certified Solution Architect-Cloud Computing Infrastructure (CSA-CCI), which focuses on key security areas.

GENERAL CLOUD CERTIFICATIONS

General cloud certifications are valuable in that they provide in-depth understanding of cloud technologies and architectures and may also provide a hint of security as it relates to keeping the cloud up and running. The obvious con is that they offer a limited view into security. VMware’s Certified Advanced Professional-Cloud Infrastructure Design is an example of this type of certification.

SECURITY CERTIFICATIONS

Enterprise and information security certifications offer an in-depth understanding of the threats facing a variety of networks, devices, and environments for networks and applications in on-premises environments. But they offer limited coverage of cloud-specific technologies. Here’s a list of the top vendor-neutral information security certifications.

GOVERNMENT CERTIFICATIONS

These certifications connect to many government standards and regulations critical for success within government IT environments, both on-premises and in the cloud. However, the guidance may fall short or may not directly apply in commercial settings. Some of these certifications, such as the Federal IT Security Professional Certification, are actually developed and managed by non-profit organizations rather than a government agency. Other government certifications, such as FedRAMP, are for organizations and not individuals.

THE RISE OF CLOUD SECURITY CERTIFICATIONS: WHY ARE THEY NEEDED?

As the use of the cloud and the criticality of the services running on the cloud are rising, the threats are also rising and growing more complex. The combination of public, private and hybrid cloud implementations makes securing an organization’s cloud environment that much more challenging. To make matters worse, the number of people who have a combined, in-depth understanding of the cloud and security is low. Worse yet, there is a huge deficiency in security professionals.

Speaking of filling roles in security, what is the value of a certification to companies looking to hire people with cloud security knowledge? First, it creates a standard level of understanding of security as it relates to cloud technologies used by the organization. Second, it develops a common language throughout the organization that can be used to identify, discuss, and respond to security risks and threats affecting cloud implementations. And lastly, it increases confidence that security is taken seriously by subject matter experts, for both the physical and virtual aspects of the organization’s network.

But the value isn’t all one-sided; certification also provides benefits to the individuals seeking employment by giving them standardized recognition for technical knowledge and skills. It also increases the possibility of being seen as a thought leader, and can open greater opportunities for career advancement and higher pay.

Who typically holds a cloud security certification? In my experience, the types of professionals holding cloud security certifications include security professionals at security software companies and cloud service providers, solution architects at solution providers or resellers, consultants at system integrators and IT consulting firms, and your die-hard “I want them all” certificate holders.

THE MOST PROMINENT CLOUD SECURITY CERTIFICATIONS

In many cases, I found that if an individual holds one cloud security certification, then they hold multiple certifications across a range of different vendors and security areas. Generally speaking, it’s good for security professionals to hold a combination of prominent vendor-neutral certifications along with a few top vendor-specific certifications.

In my experience, the ISC2’s Certified Information Systems Security Professional (CISSP) and the Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK) often lead the certification list for many security professionals, and are the two most common certifications I’ve seen related to cloud security.

A carefully selected collection of certifications can drive up the professional value of their respective holder. So what are some of the other top certifications for cloud security? To get a better sense of this, I consulted with “Tom” Tan Sarihan, a fellow CISSP and security professional with KOBIL Technologies in San Francisco, to see how he viewed the different certifications. We came up with a list of nine of the most prominent cloud-related security certifications, sorted from management-level to entry-level:

1.  ISC2 CISSP-ISSMP (Information System Security Management Professional): Demonstrates knowledge of enterprise security governance, breach management, business continuity and disaster recovery from the management-level point-of-view.

2.  ISACA CISM (Certified Information Security Manager): Demonstrates knowledge of enterprise security governance, breach management, business continuity and disaster recovery from the management-level point-of-view.

3.  ISC2 CISSP-ISSAP (Information System Security Architecture Professional): Demonstrates in-depth knowledge of secure enterprise architectures with initial coverage of cloud security.

4.  ISC2 CISSP: Demonstrates in-depth knowledge of security with some coverage of cloud security; this certification fits a variety of roles: management, architect, engineer.

5.  VMware VCP (VMware Certified Professional)-Cloud: Demonstrates knowledge of virtualization, cloud technologies, and provides some security coverage.

6.  Cisco CCIE (Cisco Certified Internetwork Expert) Security or Cisco CCNP (Cisco Certified Network Professional) Security (formerly CCSP): Demonstrates knowledge of the general infrastructure security of cloud-enabled environments.

7.  CSA CCSK: Demonstrates knowledge of cloud architecture in general; good for someone in a dedicated cloud security role.

8.  EC-Council CEH (Certified Ethical Hacker): Demonstrates the ability to put cloud security thinking and related penetration actions to the test (no pun intended).

9.  CompTIA Cloud+: Demonstrates knowledge of network protocols, cloud basics and some cloud security coverage.

CONCLUSION

For companies looking to hire managers that have security expertise with a cloud focus, they should look at each candidate’s general cloud and security certifications. If the company wants hands-on technical expertise, they should look at vendor-specific cloud certifications coupled with vendor-neutral cloud security certifications. If security is absolutely critical as a means to protect the cloud-enabled business systems, processes and data, then adding vendor-neutral cloud security certifications to the mix is highly recommended.

Of course, there’s no replacement for real-world experience; in addition to the certifications each candidate holds, companies should give equal consideration to their professional experience.

FREE RESOURCES FOR TECHNOLOGY PROFESSIONALS

TechTarget publishes targeted technology media that address your need for information and resources for researching products, developing strategy and making cost-effective purchase decisions. Our network of technology-specific Web sites gives you access to industry experts, independent content and analysis and the Web’s largest library of vendor-provided white papers, webcasts, podcasts, videos, virtual trade shows, research reports and more—drawing on the rich R&D resources of technology providers to address market trends, challenges and solutions. Our live events and virtual seminars give you access to vendor-neutral, expert commentary and advice on the issues and challenges you face daily. Our social community IT Knowledge Exchange allows you to share real-world information in real time with peers and experts.

WHAT MAKES TECHTARGET UNIQUE?

TechTarget is squarely focused on the enterprise IT space. Our team of editors and network of industry experts provide the richest, most relevant content to IT professionals and management. We leverage the immediacy of the Web, the networking and face-to-face opportunities of events and virtual events, and the ability to interact with peers—all to create compelling and actionable information for enterprise IT professionals across all industries and markets.
