Noted CISSP Cites Need for Certified Cloud Security Professional (CCSP) Certification

By Michael Guta
Contributing Writer

It is no secret that as the demand on physical infrastructure kept increasing, cloud computing has emerged as the way to improve the levels of efficiency and effectiveness in said infrastructure. In fact, the momentum for organizations to move more and more capabilities to the cloud is undeniable.  Just as an example, as reported by Forbes, spending on public cloud Infrastructure as a Service (IaaS) hardware and software is forecast to grow to $173 billion in 2026, from the $38 billion of 2016.

It is also no secret that the explosive growth of the cloud, particularly the movement of “mission critical” capabilities to it, has expanded the vectors of vulnerability to be exploited by those with malicious intent. This has put a premium, whether on in-house staff or third-parties, for skilled cyber security professionals. Yet, it comes at a time when, as Cloud Security Resource Community host (ISC)² has highlighted, there is a shortage of highly trained and certified professionals creating a gap that must be addressed with a sense of urgency.       

The need to address this gap is the subject of a recent posting by Mike Chapple, Senior Director for IT Service Delivery at the University of Notre Dame titled, "CCSP Certification a Must for Security Pros Pivoting to the Cloud." It focuses on the importance of security professionals getting certified in the world of cloud computing as more organizations continue to migrate to the cloud.

Chapple notes that, "As security professionals seek to reinvent themselves as cloud security experts, they must gain new knowledge and skills and may wish to pursue professional certifications that help them demonstrate this aptitude to current and potential employers."

The security threat in cloud deployments, indeed in the entire digital landscape, is getting more dire as bad actors with high skill levels look to the cloud to monetize their exploits. Everyone from organized crime to rogue governments, hacktivsts and regular hackers are now searching for vulnerabilities in networks, data centers and connected system 24/7 from many different parts of the world.

As Chapple points out, whether an organization has an infrastructure-as-a-service (IaaS) or a software-as-a-service (SaaS (News - Alert)) model in place, relying solely on the vendor can be problematic. Vendors and customers must take responsibility, and it is incumbent for the customer to clearly articulate what their security requirements are.

Security professionals therefore must understand all of the cloud deployments within an organization to find out the best method for securing their infrastructure and meet their security goals.

Chappele, as CISSP himself, recommends earning a cloud-focused information security certification such as Certified Cloud Security Professional (CCSP) certification, which is available as a joint partnership from our community hosts (ISC)² and the Cloud Security Alliance (CSA).

As he correctly advises, holding both certifications along with continued education, ensures today's security professionals will always be ready to address the threats organizations face with their cloud deployments.