The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

Find Your Footing in Cloud Security with CCSK

Cloud Security Alliance (CSA) is a partner with (ISC)² on the challenging CCSP credential. CSA's less demanding CCSK certification, however, is a great starting point for tech professionals new to cloud security.

CCSK cloud security laptop and handThe cloud is here to stay. Organizations of all sizes and industries are turning to cloud services as a flexible, agile alternative to building expensive data centers, maintaining silos of technical expertise, and overprovisioning capacity to meet future demand.


Gartner recently estimated that the cloud computing industry will grow at an 18 percent rate in 2017, reaching a total market size of $246 billion dollars. There’s no sign that the adoption of cloud services is slowing down, and a quick search of technical job descriptions shows that technologists with experience on cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Salesforce, Workday, and other similar services are in high demand.


At the same time, however, that organizations are turning to the cloud to achieve cost savings, improve their agility and drive flexibility in computing, they also remain concerned about the security of data stored and processed in the cloud. Turning over responsibility for handling data at any layer of the cloud computing stack raises the eyebrows of security professionals and calls for a different kind of expertise than securing traditional environments.


While the same basic tenets of confidentiality, integrity, and availability still apply in the world of cloud computing, the cloud presents challenges of its own. Cloud security professionals must depend more upon risk assessments, application-layer controls, and contractual protections than the firewalls and intrusion detection systems commonly found in on-premises data centers.


The Cloud Security Alliance (CSA) recognized this shift in attitudes toward on-premises computing six years ago when they launched the Certificate of Cloud Security Knowledge (CCSK) certification program in 2011. The CCSK was the first major attempt at creating a cloud-specific security certification and attracted some attention from within the cybersecurity profession.


It went unnoticed by many practitioners, however, due, quite simply, to the relative immaturity of the field. In 2017, on the other hand, it’s difficult to find an enterprise that doesn’t make some use of cloud services, and security professionals are beginning to seek education and certification programs focusing specifically on this high-demand specialty.


Is CCSK a Full Certification?


Most people who do a quick scan of the cloud security certification space walk away a little bit confused — and for good reason! There are two similarly named certification programs available and they share a common sponsor!


In 2015, CSA partnered with the more widely known industry association (ISC)² to release the Certified Cloud Security Professional (CCSP) certification. While they didn’t bill the CCSP as a replacement for the CCSK credential, many in the field viewed the CCSP as a major upgrade to the existing program.


The fact that CSA partnered in the certification raised justifiable questions about the ongoing viability of the CCSK program, and the fact that the CCSK hasn’t been revised since its initial release in 2011 lends credence to those concerns.


One of the major differences between the two programs is the type of material that appears on the exam. The CCSK program is clearly billed as a knowledge-based certification. It carries no formal experience requirement and simply requires that candidates demonstrate knowledge of a wide variety of cloud security topics.


The CCSP, on the other hand, is targeted at experienced cloud professionals. In the words of (ISC)², “the CCSP credential denotes professionals with deep-seated knowledge and competency derived from hands-on experience with cyber, information, software and cloud computing infrastructure security.”


The CCSP also has a strictly enforced experience requirement, mandating that candidates prove 5 years of experience in information technology, including 3 years in information security and at least one year in the 6 CCSP domains. The experience difference alone clearly positions the CCSP as for experienced professionals, while the CCSK is more of an entry-level certification. CSA and (ISC)² seem to acknowledge this directly, allowing CCSK holders to substitute their CCSK credential for one year of the CCSP experience requirement.


Another major difference between the two programs is the rigorousness of the testing. The CCSK program requires correctly answering 48 out of 60 multiple choice questions during a 90-minute exam period. Candidates take the exam from the comfort of their home or office, in an unproctored examination environment.


The CCSP credential, by contrast, employs a much more traditional certification testing environment. Candidates must take the CCSP exam in the proctored environment of a Pearson VUE testing center and have four hours to complete 125 exam questions.