Cloud security tops the list of technical concepts and systems those seeking a career in cybersecurity should pursue, according to the 2021 Cybersecurity Career Pursuers Study. The research also points to the benefits of upskilling current IT teams to become cybersecurity experts in the face of the worldwide skills shortage.

Clearly, cloud security certification is a smart move for enterprises and individuals. But with so many credentials out there, how can you determine which one is right for you? Let’s look at two options: Certified Cloud Security Professional (CCSP) vs. Certificate of Cloud Auditing Knowledge (CCAK).

Certification vs. Certificate: What are the distinctions?

CCSP is a certification; CCAK is a certificate. A certification recognizes a candidate’s knowledge, skills, and abilities, typically framed by a job role, while a certificate’s scope is narrower and only documents training course completion. A certification often requires continuing professional education (CPE) to stay in front of trends, while a certificate’s body of knowledge does not evolve over time or require CPE credits to maintain.

Where did the certifications originate?

CCSP was co-developed and launched in 2015 by two nonprofit organizations focused on cloud and information security — ISC2 and the Cloud Security Alliance (CSA). The stand-alone, vendor-neutral credential was designed to complement and build upon existing certifications and education programs. Since the launch of CCSP, ISC2 continues to maintain and update the exam and training materials to ensure ISO accreditation.

CCAK was developed and launched in 2021 by CSA and ISACA. It builds on the body of knowledge covered in CCSK and complements ISACA’s certifications including Certified Information Systems Auditor.

Are they accredited?

CCSP holds ISO/IEC/ANSI accreditation for the internationally recognized cloud standards (ISO/IEC 17024, 17788, 17789, 27017, 27018).

CCAK is not accredited but builds on the body of knowledge covered in CSA’s CCSK and complements ISACA’s ANSI-accredited certifications.

What level of professional experience is required?

CCSP candidates are expert-level professionals. They must have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the ISC2 CCSP Common Body of Knowledge. A candidate who doesn’t yet have the required experience to become a CCSP may become an Associate of ISC2 after successfully passing the CCSP exam. The Associate of ISC2 will then have six years to earn the experience needed for the CCSP certification.

CCAK candidates are recommended but not required to have earned the Certificate of Cloud Security Knowledge (CCSK) before pursuing the CCAK.

What is each cert’s emphasis on cloud security?

CCSP demonstrates that cloud security professionals have the required knowledge, skills and experience in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks.

CCAK prepares IT professionals to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility and mitigating risks and costs of audit management and non-compliance.




Cloud Concepts, Architecture and Design

Cloud Governance

Cloud Data Security

Cloud Compliance Program

Cloud Platform and Infrastructure Security

CCM and CAIQ: Goals, Objectives and Structure

Cloud Application Security

A Threat Analysis Methodology for Cloud Using CCM

Cloud Security Operations

Evaluating a Cloud Compliance Program

Legal, Risk and Compliance

Cloud Auditing


CCM: Auditing Controls


Continuous Assurance nd Compliance


STAR Program

What continuing professional education is required to maintain certification?

CCSP-credentialed professionals must participate in continuing professional education (CPE) to stay current on emerging threats, technologies, regulations, standards, and practices. They are required to earn and submit a minimum of 30 CPEs each year; 90 CPEs by the end of the 3-year recertification cycle.

CCAK-credentialed professionals hold the certification for life. No continuing professional education is required.

Certification and Maintenance Details




Length of Exam

3 hours/125 multiple-choice questions

120 minutes/76 multiple-choice questions

Passing Score

700 out of 1,000 (70%)


Exam Fee

$599 USD

CSA Members: $395 USD
Non-members: $495 USD

Annual Maintenance

$135 USD



90 credits over 3 years



How CCSP Certification Can Help You Succeed

Earning the globally recognized CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity member experts at ISC2.

Achieving CCSP certification provides the added benefit of membership in ISC2, the world’s largest nonprofit association of cybersecurity professionals, more than 150,000 members strong. ISC2 provides members with professional development courses through the Professional Development Institute (PDI); continuing professional education through industry events like Security Congress; technical webinars covering evolving cybersecurity trends; and benefits, such as the ISC2 Community.

Learn more about the reasons why CCSP certification is an investment with measurable ROI for your organization.

Download your copy of The Ultimate Guide to the CCSP and start your journey toward certification today.