RSS Alerts

Share

More services

Related Links

Related Stories

  • Hackers see opportunities in the cloud
    A survey conducted among IT professionals and hackers at last month’s DEF CON reveals concerns over cloud vendor security, and an opportunity for hackers.
  • A Clear Future for a Cloudy Concept
    Cloud computing – it’s an industry buzz word that is all the rage. The concept is hardly new, and many companies and organizations embraced cloud computing services long ago. However, as budgets remain strained, the push toward more economical cloud services remains ever-present. Stephen Pritchard asks the questions every enterprise needs to know about security when transitioning to the cloud
  • CSA launches security certification for cloud computing
    The Cloud Security Alliance (CSA) has unveiled the industry's first user certification program for secure cloud computing.
  • Security doubts are holding back mass cloud adoption
    Research from a supplier of cloud-based email security systems claims to show that, while a majority (51%) of US and UK IT departments are using cloud technology, there are still doubts about the technology and its security.
  • US federal agencies still not convinced about cloud security
    Most US federal agencies are concerned about potential information security risks associated with cloud computing, according to a government report.

Top 5 Stories

News

CSA ready for industry’s first cloud security exam

31 August 2010

The Cloud Security Alliance’s (CSA) executive director says new certification program will assess IT practitioners’ cloud security knowledge.

Beginning Sept. 1, the non-profit CSA will begin offering its Certificate of Cloud Security Knowledge (CCSK) designed to assess IT professionals’ knowledge and competency over a broad range of cloud computing security threats and best practices. CCSK assessment will be conducted online via the CSA website, and is available to both cloud computing consumers and providers.

The term ‘cloud computing’ has been thrown about rather endlessly in recent years, often without precise definition. For that reason, Jim Reavis, executive director and co-founder of the CSA, briefly characterized the concept in terms of how the CSA views it.

Cloud computing can be identified, for the most part, according to the NIST definition Reavis said. It is defined, physically speaking, by its elasticity of service, its metered or measured nature, and the fact that it’s a sharing of computing assets.

“We also add the multi-tendency [of cloud]. You have potential customers with different agendas, maybe even competitors, that are, in essence, sharing the same physical infrastructure.”

What the CCSK ensures, added Reavis, is that IT practitioners are tested on a basic level of competency regarding cloud computing security issues and best practices, and how these may differ from the traditional outsourcing model.

He briefly outlined the CCSK as covering a broad base of questions as they relate to cloud computing, including definition of terminology, legal issues, contractual issues, risk management, supply chain issues, identity management, virtualization hardening, encryption, and access control.

Reavis told Infosecurity that the CCSK is not a user accreditation or validation of other educational experience, but rather an online offering designed to test IT practitioners’ mastery of cloud computing security issues.

“Certifications are not intended to be a silver bullet”, he admitted. “But the intention behind it is to raise the bar of knowledge, raise the baseline of awareness of security issues, and mitigating controls and best practices in cloud.”

The CSA executive director said the CCSK is available online, for all interested parties worldwide, beginning Sept. 1. Although there is no educational component to the CCSK as yet, Reavis revealed that the CSA is talking with several potential partners about training offerings, which he hopes will be announced soon.

A certification in cloud computing security competency was the logical next step according to Reavis, and a necessary component of ensuring responsible adoption of cloud services. What the CCSK provides, he concluded, is an “objective way to measure if people are taking the right steps”.

This article is featured in:
Cloud Computing • Security Training and Education

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012