A surge of organizations are moving their operations to the cloud for the benefits of improved efficiency, better scalability and faster deployment. But with the wave of migration to the cloud come more threats than ever before. The cloud is giving bad actors a more expansive set of targets, as well as new tools to conduct attacks, says Or Azarzar, Co-founder and CTO of Lightspin, in an article in Dark Reading.
With so many risks for cyberattacks targeting the cloud, which certification demonstrates a broader understanding and skillset to protect cloud security? Let’s compare two cloud certs, ISC2 Certified Cloud Security Professional (CCSP) vs. Google Cloud Certified-Professional Cloud Security Engineer.
CCSP is a vendor-neutral certification that demonstrates the broad knowledge to successfully secure any cloud environment, regardless of vendor affiliation. It proves expert skills and experience in cloud security design, implementation, architecture, operations, controls and compliance with the full range of regulatory frameworks. The globally recognized certification is available from ISC2, the creators of the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge.
Google Cloud Certified-Professional Cloud Security Engineer is a vendor-specific certification that shows expertise in Google Cloud Platform. It proves a thorough understanding of cloud architecture to design, develop and manage dynamic business solutions.
Why is vendor-neutral cloud certification favored by many organizations?
For higher levels of security, the standard for many organizations today is multi-cloud, which uses multiple providers for IaaS, PaaS and SaaS environments. Multi-cloud strategy allows organizations to work with cloud providers and environment types best-suited to their workload or application.
Fifty-five percent of companies use at least two public clouds in addition to their own data centers, according to IDG's 2020 Cloud Computing Study. IT managers make choices based on the performance and services a platform offers, which vary according to application type. And because the public cloud is a dynamic environment, a multi-cloud strategy allows organizations to avoid the limitations and potential expense of vendor lock-in and take advantage of innovations as they are introduced.
What is each cert's emphasis on cloud security?
CCSP turns the focus on cloud security, testing candidates' skills and knowledge across six cloud security domains. It validates your ability to design, manage and secure data, applications and infrastructure in any cloud environment, while also following the best practices established by ISC2.
Google Cloud Certified-Professional Cloud Security Engineer validates a candidate’s ability to effectively demonstrate knowledge about security specifically in the Google Cloud Platform.
Domains
| ISC2 CCSP | Google Cloud Certified-Professional Cloud Security Engineer |
|---|---|
|
Cloud Concepts, Architecture and Design |
Configuring Access within a Cloud Solution Environment |
|
Cloud Data Security |
Configuring Network Security |
|
Cloud Platform and Infrastructure Security |
Ensuring Data Protection |
|
Cloud Application Security |
Managing Operations within a Cloud Solution Environment |
|
Cloud Security Operations |
Ensuring Compliance |
|
Legal, Risk and Compliance |
Ensuring Solution and Operations Reliability |
My employer uses the Google Cloud Platform. Why should I consider CCSP certification?
Certification in both Google Cloud Certified-Professional Cloud Security Engineer and CCSP complement each other by elevating your expertise in the cloud. CCSP expands upon vendor-specific cloud certifications like Google’s with comprehensive knowledge and skills in security frameworks. CCSP’s vendor-neutral certification deepens your proficiency with a broader mastery of cloud security that transcends vendor affiliation.
What level of professional experience is required?
CCSP candidates are expert-level professionals. They are required to have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the ISC2 CCSP Common Body of Knowledge. A candidate who doesn’t yet have the required experience to become a CCSP may become an Associate of ISC2 after successfully passing the CCSP exam. The Associate of ISC2 will then have six years to earn the experience needed for the CCSP certification.
Google Cloud Certified-Professional Cloud Security Engineer candidates are recommended but not required to have three years or more of security experience with a strong working knowledge of Google Cloud.
What is required to maintain certification?
CCSP-credentialed professionals must participate in continuing professional education (CPE) to stay current on emerging threats, technologies, regulations, standards and practices. They are required to earn and submit a minimum of 30 CPEs each year; 90 CPEs by the end of the 3-year recertification cycle.
Google Cloud Certified-Professional Cloud Security Engineer certification does not require continuing professional education. It is valid for two years from the exam pass date. Certifications may be renewed by passing the same exam 60 days or less prior to certification expiration date.
Certification and Maintenance Details
| ISC2 CCSP | Google Cloud Certified-Professional Cloud Security Engineer | |
|---|---|---|
|
Length of Exam |
3 hours/125 multiple-choice questions |
|
|
Passing Score |
700 out of 1,000 |
|
|
Exam Fee |
$599 USD |
$200 USD |
|
Annual Maintenance |
$135 USD |
N/A |
|
CPEs |
90 credits over 3 years |
N/A |
How CCSP Certification Can Help You Succeed
Earning the globally recognized CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity member experts at ISC2.
Achieving CCSP certification provides the added benefit of membership in ISC2, the world's largest nonprofit association of cybersecurity professionals, more than 160,000 members strong. ISC2 provides members with professional development courses through the Professional Development Institute (PDI); technical webinars covering evolving cybersecurity trends; and benefits, such as the ISC2 Community.
Learn more about how CCSP can help you migrate to the cloud securely in our eBook, 20 Tips for Secure Cloud Migration.
Download your copy of The Ultimate Guide to the CCSP and get started toward certification today.