No organization has a conversation about cloud computing without considering security.
Since IT will be in the center of the fray on that front, the (ISC)2 and Cloud Security Alliance (CSA), have announced that they will be developing an international cloud security certification.
Jim Reavis, co-founder and executive director of the Cloud Security Alliance, explained in a press release:
Businesses are moving vast amounts of data into the cloud, and consumers are gobbling up new, usually mobile services that emerge on a daily basis. It is incumbent upon us to make our collective experience as accessible as possible, and the further development of professional-level recognition is key to achieving this.
Currently, there is pent-up demand for cloud security know-how. “We debated going down this path for some time,” W. Hord Tipton, executive director for (ISC)2 told Enterprise Conversation in an interview. “So many buzz words come through the technical community that we resist until they become part of common vernacular.”
Clearly, cloud computing has become mainstream. In fact, cloud computing was identified as the top training priority for nearly 60 percent of the study’s more than 12,000 respondents, in the (ISC)2 2013 Global Information Security Workforce Study (GISWS). The vast majority, nearly three quarters, said that new skills were needed, and that deep technical knowledge and guidance about cloud security were key areas for them.
This partnership to create the new certification brings together impressive industry and technology expertise. The (ISC)2, which is the world’s largest not-for-profit information security professional body, administers the popular Certified Information Systems Security Professional (CISSP) credential.
The Cloud Security Alliance (CSA), another not-for-profit organization, promotes the use of best-practices for providing security assurance within cloud computing, and provides education on the use of cloud computing. The shared collaboration will allow the organizations to bring the new certification to reality in a matter of months, rather than years.
In fact, the (ISC)2 hopes to make the certification available by June 2014. “Creating a certification takes time, but it’s a lot easier when you have a partner like the CSA that already has infrastructure and connections has to draw from,” said Tipton. “We can create a robust body of knowledge quickly.” Working alone, (ISC)2 would have expected to spend three years doing research, conducting focus groups, sponsoring workshops, writing questions and making test pulls, he added.
The certification will address broad and detailed information. Said Tipton:
As organizations continue to adopt cloud computing at a rapid pace, there is a strong need to provide a body of knowledge that encompasses the evolving technology and risk landscape and that validates the skills of the professionals tasked with protecting those businesses. Our combined effort ensures the world’s knowledge leaders are put to the task.
The target of the new certification is broad, being aimed at those providing cloud services and infrastructure or those organizations that use cloud services as part of their business. In addition, the certification will be helpful to contracting managers who review service agreements and contracts from their cloud providers, Tipton said.
For more on why the world needs a cloud security certification, Cloudwards.net has written a piece on 5 reasons why cloud security is important for SMBs
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
Hailey, June 2014 sounds a bit near to me – considering how big this project is and how many stake holders are involved… do you think they have set themeselves a realistic target?
I too would wonder at this early point exactly what you could hope to gleam from this certification. I would think with all the service providers and methods out there you would have to really boil it down to it very primary components in order to cover the length of subject as well as depth while remaining relevant for whatever period of time the certification would be good for. I am not saying that it is something that should not be done but I don’t envy anyone set with the task and agree that June 2014 is a very optimistic… Read more »
@Saul, the collaboration between the two organizations are what is going to make this possilbe, the told me. The CSA already has a bunch of data around best practices and current landscape. Meanwhile, (ISC)2 is already addressing cloud in its current certifications–so they an leverage that. THe (ISC)2 told me that without the collaboration it would easily take three or four years to create this kind of certification, but that working together they can get better results in a much shorter period of time.
I have been looking around and wonder how much the certifications put out from ISC2 and CSA will differ from the cloud certifications already available from Microsoft and CompTIA. I would expect a degree of deeper emphasis on security maybe but hopefully ISC2 and CSA can carry more weight since they seem to be taking a little bit more time coming out with it…