The Cloud Security Alliance on Wednesday unveiled the industry's first user certification program for secure cloud computing. The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Cloud computing is being aggressively adopted on a global basis as businesses seek to reduce costs and improve their agility.  Among the critical needs of the industry is to provide training and certification of professionals to assure that cloud computing is implemented responsibly with the appropriate security controls.  The Cloud Security Alliance has developed a widely adopted catalogue of security best practices, the Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1.  In addition, the European Network and Information Security Agency (ENISA) whitepaper "Cloud Computing: Benefits, Risks and Recommendations for Information Security" is an important contribution to the cloud security body of knowledge.  The Certificate of Cloud Security Knowledge (CCSK) provides evidence that an individual has successfully completed an examination covering the key concepts of the CSA guidance and ENISA whitepaper.   More information is available at www.cloudsecurityalliance.org/certifyme.

"Cloud represents the shift to compute as a utility and is ushering in a new generation of information technology.  Critical services are now being provided via the cloud, which is creating a mandate for cloud security skills across the spectrum of IT-related professions," said Jim Reavis, CSA executive director.  "The CSA is providing a low cost certification that establishes a robust baseline of cloud security knowledge.  When combined with existing professional certifications, the CCSK helps provide necessary assurance of user competency in this important time of transition.  We are also thrilled to have ENISA's support and their agreement to join our certification board."

"We have already been leveraging the CSA's ‘Security Guidance for Critical Areas in Cloud Computing' as a best practices manual for our information security staff," said Dave Cullinane, CISO and VP for eBay, Inc.  "We now plan to make this certification a requirement for our staff, to ensure they have a solid baseline of understanding of the best practices for securing data and applications in the cloud."

"Security has been identified as the most significant issue associated with cloud computing adoption," said Melvin Greer, Chief Strategist, Cloud Computing, for Lockheed Martin. "The CSA Certificate of Cloud Security Knowledge (CCSK) will provide a consistent way of developing cloud security competency and provide both organizations and agencies the confidence they need to adopt secure cloud solutions."

"Cloud computing will undoubtedly have a profound effect on information security.  Educating and developing talented thought-leaders is a key challenge in solving cloud security issues," said Jerry Archer, CSO for Sallie Mae. "The CSA, in providing a set of goals through the CCSK, is challenging security practitioners to become the cloud thought-leaders we need today and tomorrow to ensure safe and secure cloud environments.  In developing the CCSK, CSA is "setting the bar" for security professionals and providing business executives a means to gauge the opinions and rhetoric associated with security in the cloud."

eBay, Lockheed Martin and Sallie Mae join many other companies, including ING, Symantec, CA, Trend Micro and Zynga in their commitment to adoption of the CCSK. Online testing will be available starting Sept 1^st 2010. The CSA will offer discount pricing of $195 through Dec 31; regular pricing at $295 begins January 1.