The vast majority of organizations today have migrated to the cloud to take advantage of rapid deployment, scalability and user empowerment. Eighty nine percent of respondents to a 2019 survey by DivvyCloud have adopted the public cloud.
But many don’t know how the cloud works, the best use cases, potential risks, or the tools available to help optimize their security posture. And even as organizations struggle to understand cloud basics, new industry concepts and technologies, such as zero trust, micro segmentation, containerization and microservices, continue to emerge.
By pursuing Certified Cloud Security Professional (CCSP) certification, cybersecurity experts within the organizations can gain a holistic understanding of cloud architecture, infrastructure, deployment models, emerging technologies, and risk management.
We asked Authorized ISC2 instructor, Dr. Lyron Andrews who attends CCSP certification training classes, what they’re looking for, and the benefits they achieve. Here’s what he told us.
CCSP Candidates
Individuals come to CCSP with strong cybersecurity expertise, but their organizations have varying levels of cloud adoption. Andrews says, “Some class participants are already consuming cloud services and want greater maturity. Some have a mandate to consume cloud services and plan to do so over the next few months to a year. And a third, smaller group, is interested in the cloud but hasn’t gone through a conversion and doesn’t have a mandate.”
Participants are typically looking for basic competencies to fulfill the job they have, or are moving into, with the hope for career advancement down the road. “They’re looking to understand the threats in the cloud, gain an overview of what it means to have a cloud security posture and learn about the technology they can use to provide security,” says Andrews, “In addition, their management often wants them to adopt methodologies like agile, but may not understand what these practices involve and don’t support them.”
Benefits of CCSP Training and Certification
Andrews says students have seen a number of benefits.
- A common vocabulary.
The CCSP training course covers cloud deployment models, cloud service models and much more. It helps students put all the pieces together with examples that enable them to formulate a use case and select the right deployment option. Andrews explains, “Having definitions, taxonomies, and a glossary of terms reduces confusion. People can formulate an idea of what they want and execute on the mission because everyone is using the same language.”
- A business focus.
The class uses the IT Infrastructure Library (ITIL) framework to enable IT to speak in terms of business services rather than technology, so IT can deal with business people in their own language.
- Practical examples.
“Our students tell us that the greatest benefits they receive from the class is when we talk about real life problems and how to apply the tools to address these issues,” says Andrews. “One time a student who was using a CASB (cloud access security broker) for endpoint protection wanted to know how to maintain governance and control. I had him take the class materials and answer his own questions. Using that process, students gain deeper meaning.”
- An understanding of new paradigms and emerging technologies.
When moving to the cloud, cybersecurity experts need to change the way they think about protection. “Old analogies of protection, such as perimeter security, don’t work in the cloud—because the cloud has no perimeter,” Andrews says. “We teach that you need to talk about Zero Trust and micro segmentation, which provides more granular control to prevent the threats that occur in the cloud. We also explain how people can truly utilize the power, flexibility and rapid elasticity of the cloud by using emerging technologies, such as microservices and containerization.”
- Regulatory compliance.
Students learn how to address the laws and regulations for their industry in the cloud. Andrews says “Students typically understand the regulations and laws that apply to their industry. We give them the tools for adhering to those regulations in the cloud. For example, we show them the Cloud Security Alliance Cloud Control Matrix, which maps all the top regulations to specific controls in the cloud. That’s a revelation for people in the class. We also talk about ISO 27017 and ISO 27018 information security and privacy controls for cloud services.”
As organizations seek to gain the many advantages of the cloud, they need to understand the big picture of how the cloud works, it’s risks, as well as how to maintain a strong security posture and comply with regulations. Taking a CCSP training course and receiving certification delivers a practical, hands-on understanding of how to maximize the cloud’s benefits while minimizing risks.
Read More
ISC2 is the leader in security certifications and is acknowledged by companies worldwide. To learn how your business can benefit cloud security certification (CCSP), read our whitepaper 10 Reasons Why Businesses Need to Invest in Cloud Security Training.