Cloud Security Certification Guide


What certification is right for you?

This exclusive guide examines the available cloud security certifications that can translate to better career opportunities -- and a higher salary -- for you as cloud security best practices and certifications continue to expand and mature.

Ed Tittel and Earl Follis, SearchCloudSecurity.com contributors

Cloud computing continues to be a hot-button topic for companies looking to reduce the total cost of ownership for server and end-user computers while offering automated expansion of computing capacity and better management of virtualized environments. Information security is equally a hot topic, what with numerous well-publicized security breaches among corporations, universities and government agencies weighing on IT professionals and C-level executives alike nowadays.

At the intersection of these two popular IT topics lies the emerging field of cloud computing security certifications. As an increasing number of information security and IT operations professionals shift their careers toward cloud computing security, a small but growing number of certifications have emerged in the cloud computing area of infosec, divided between vendor-specific certifications and vendor-neutral certifications.

This guide, an addendum to SearchSecurity's IT security certifications guide, examines the available cloud security certifications that can translate to better career opportunities -- and a higher salary -- for you as cloud security best practices and certifications continue to expand and mature.

Cloud security certifications (sorted alphabetically)

CA AppLogic Certified Cloud Architect (CA-ACCA)
Certification level: Advanced
Certification type: Vendor-specific

The CA-ACCA is targeted at system architects and cloud administrators who want to learn in-depth topics related to configuring and managing the CA AppLogic cloud platform. Though cloud security is a significant portion of the material covered by this certification, the CA-ACCA offers a comprehensive look at all aspects of cloud infrastructure and architecture. If your company uses or is considering use of the AppLogic cloud platform, the CA-ACCA certification is considered a must-have advanced certification for those responsible for architecting cloud implementations using AppLogic. CA's AppLogic group, formed in 2010 following CA's acquisition of 3Tera, also offers self-paced online training as well as instructor-led training via CA education partners or on-site training conducted by CA engineers and instructors.

Source: Certification from CA Technologies for CA AppLogic

Certificate of Cloud Security Knowledge (CCSK)
Certification level: Foundational
Certification type: Vendor-neutral

The CCSK certification was established by the Cloud Security Alliance as a foundation of cloud security knowledge for newcomers to the cloud computing arena. The CCSK provides a solid foundation of cloud security essential knowledge as well as best practices gleaned from those who have blazed this trail before you. What better way to learn what to do than by learning what you should NOT do in the cloud? All kidding aside, the specificity of the exam and that it is designed and taught by some of the industry's leading cloud security experts indicates that the CCSK is already becoming the industry's foremost vendor-neutral cloud security certification. Note that the CCSK certification is available in both English and Spanish.

Editor's note: SearchCloudSecurity has partnered with the Cloud Security Alliance to offer our members nine free online classes to prepare for the CCSK exam.

Source: CSA Education – CCSK

Certified Cloud Security Specialist (CCSS)
Certification level: Foundational
Certification type: Vendor-neutral

The CCSS certification offered by Arcitura subsidiary CloudSchool.com includes excellent foundational knowledge of cloud technologies as well as three modules specifically covering cloud security content. Arcitura/CloudSchool.com offers self-study kits through its website as well as instructor-led training classes for most of the required CCSS modules. In order to successfully acquire the CCSS certification, each candidate must successfully pass five exams:

- Fundamental Cloud Computing
- Cloud Technology Concepts
- Fundamental Cloud Security
- Advanced Cloud Security
- Cloud Security Lab

The required CCSS training courses are available now, but testing for the CCSS is still under development. When finalized and commercially available (a new exam is expected in fall 2013), CCSS testing will be conducted by Prometric.

Source: CloudSchool.com Certified Cloud Security Specialist

EXIN Certified Integrator Secure Cloud Services (CISCS)
Certification level: Foundational
Certification type: Vendor-neutral

CISCS certification from EXIN is not purely dedicated to cloud security, though it does offer a well-rounded foundational overview of cloud concepts and relevant infosec topics. The advantage to this approach is that participants learn not only cloud security concepts and best practices, but they also learn how cloud security fits into an overall cloud strategy. CISCS certification consists of three modules that must be mastered in order to pass the certification exam:

- IT Service Management and ITIL
- Information Security
- Cloud Computing

EXIN offers CISCS testing through both Prometric and Pearson VUE exam centers.

Source: EXIN Certified Integrator Secure Cloud Services

IBM Certified Solution Architect-Cloud Computing Infrastructure (CSA-CCI)
Certification level: Advanced
Certification type: Vendor-specific

The IBM CSA-CCI certification track requires mastery of the following cloud-related principles:

- Cloud computing basics
- IBM Cloud Computing principles
- IBM Cloud Computing design concepts
- Implementing IBM Cloud Computing
- Types of clouds and as-a-service offerings
- Cloud infrastructure technologies, including cloud security
- Addressing security in a cloud computing environment
- Knowledge of the IBM Cloud Computing offerings, including provisioning, storage, security, monitoring and hypervisors

Not surprisingly, this certification makes the most sense for security pros who are (or need to be) versed in cloud security built on IBM infrastructure. Those seeking this certification must be adequately versed in how products from Big Blue's Tivoli, WebSphere and CloudBurst brands work to not only facilitate enterprise cloud computing, but can also be used to secure it.

Source: IBM Professional Certification Program

Salesforce.com Certified Technical Architect (SCTA)
Certification level: Advanced
Certification type: Vendor-specific

Salesforce.com is one of the pioneers of cloud computing, specifically the Software as a Service (SaaS) movement. The SCTA certification is geared toward architects and designers who want to certify their knowledge and expertise for designing scalable and secure applications on the Salesforce.com cloud platform. In order to pass the SCTA exam, participants must demonstrate mastery of cloud application design principles, application-level security considerations (to ensure secure communications between Salesforce.com and third-party apps) and best practices for deploying applications via Salesforce.com. Obviously, this is a highly specific certification and best for individuals whose organizations either have invested heavily in Salesforce.com, or those who intend to specialize in implementing and securing Salesforce.com infrastructures.

Source: Salesforce.com Certification Architects Track

Symantec Certified Professional-Cloud Security (SCP-CS)
Certification level: Intermediate
Certification type: Vendor-specific

Symantec Corp. has always offered standalone, product-centric certifications, but several years ago Symantec recognized the market need for a multidiscipline certification track. As a result, the SCP certification program was established in July 2012 to offer certifications that span multiple Symantec products across an expanded area of expertise that now includes cloud concepts. The SCP-CS certification was developed in a partnership between Symantec and the Cloud Security Alliance as an intermediate-level certification that concentrates on security concerns within cloud computing environments.

Symantec has been around for more than two decades and today engages in a number of IT security disciplines. Cloud security topics covered by this certification include design, deployment and management of cloud computing resources. Symantec stresses in this certification that cloud security is an important aspect of cloud computing that must be included as a discussion point in every step of the cloud migration or integration process. It is not acceptable, according to Symantec, to wait until deploying a cloud environment to start thinking about cloud security; security should be the overriding concern from the beginning of the cloud planning process, and that emphasis should carry through to the implementation and management phases of all cloud computing projects. To achieve this level of certification, candidates must provide proof of passing the CCSK exam mentioned above, pass the SCP technical exam and accept the Symantec Certification Agreement.

Source: Symantec Certified Professional (SCP) Exam 850-001: Cloud Security 1.0

VMware Certified Advanced Professional-Cloud Infrastructure Design (VCAP-CID)
Certification level: Intermediate
Certification type: Vendor-specific

VMware has become a leading provider of software for cloud computing infrastructure, virtual desktops and cloud management. Its early entry into cloud computing software gives VMware a corresponding head start in the vendor-specific cloud certification market. The VCAP-CID certification includes best practices for cloud design considerations, security, metering, compliance and availability. Note that there are other variants of the VMware Certified Advanced Professional certification that might also be beneficial to the aspiring -- or even the experienced -- cloud computing professional.

Source: VMware Certified Advanced Professional-Cloud Infrastructure Design (VCAP-CID)

Coming attractions

Considering the growing emphasis on the security aspects of public and private cloud computing, there are several cloud-security-related certifications that are currently under development that I want to mention here so you can keep your eyes peeled as these certifications and exams become available in the coming months.

Foremost among these future certifications is the (ISC)2 and CSA cloud security certification. This yet-to-be-named certification is expected to build off of the industry-leading CISSP certification of (ISC)2 and the CSA's CCSK certification. At this time, few specifics are available, but comments from CSA leadership indicate that the global credential will encompass both technical and strategic issues related to cloud security. The new certification, and its examination, are expected to debut in 2014.

Other certifications worthy of note include:

- VMware Certified Advanced Professional-Cloud Governance (VCAP-CG)
- Cloud Certified Virtualization Specialist (CCVS)
- Certified Cloud Governance Specialist (CCGS)

There's no doubt that we are in the very early days of cloud computing security certifications. As the adoption of various types of cloud computing grows and evolves, there will be an increasing need for information security professionals to ensure those implementations are secure, and in turn a need for the best and most capable of those infosec pros to identify and attain certifications that demonstrate their expertise. It will be an exciting field to watch in the months and years to come.

About the authors:

Ed Tittel is a 30-plus-year IT veteran who's worked as a software developer, networking consultant, technical trainer, writer and expert witness. Perhaps best known for creating the Exam Cram series in the late 1990s, Ed has contributed to over 100 books on a variety of computing topics, including numerous titles on information security and HTML. Ed also blogs regularly for Tech Target (IT Career JumpStart, Windows Enterprise Desktop) and other publications.

Earl Follis is a long-time IT professional who's worked as a technical trainer, a technical evangelist, a network administrator and in other positions for a variety of companies that include Thomas-Conrad, Tivoli/IBM, Nimsoft, Dell and more. He's also contributed to numerous books, including For Dummies titles on Windows Server and NetWare, and written for many print and Web publications. His primary areas of technical interest include networking, operating systems and unified monitoring.

