Welcome!

@CloudExpo Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan, Aruna Ravichandran

News Feed Item

Cloud Security Alliance Sets Industry Standard With New User Certification

Certificate of Cloud Security Knowledge (CCSK) Aimed at Promoting Secure Cloud Computing for All

LAS VEGAS, NV -- (Marketwire) -- 07/28/10 -- The Cloud Security Alliance today unveiled the industry's first user certification program for secure cloud computing. The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Cloud computing is being aggressively adopted on a global basis as businesses seek to reduce costs and improve their agility. Among the critical needs of the industry is to provide training and certification of professionals to assure that cloud computing is implemented responsibly with the appropriate security controls. The Cloud Security Alliance has developed a widely adopted catalogue of security best practices, the Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1. In addition, the European Network and Information Security Agency (ENISA) whitepaper "Cloud Computing: Benefits, Risks and Recommendations for Information Security" is an important contribution to the cloud security body of knowledge. The Certificate of Cloud Security Knowledge (CCSK) provides evidence that an individual has successfully completed an examination covering the key concepts of the CSA guidance and ENISA whitepaper. More information is available at www.cloudsecurityalliance.org/certifyme.

"Cloud represents the shift to compute as a utility and is ushering in a new generation of information technology. Critical services are now being provided via the cloud, which is creating a mandate for cloud security skills across the spectrum of IT-related professions," said Jim Reavis, CSA executive director. "The CSA is providing a low cost certification that establishes a robust baseline of cloud security knowledge. When combined with existing professional certifications, the CCSK helps provide necessary assurance of user competency in this important time of transition. We are also thrilled to have ENISA's support and their agreement to join our certification board."

"We have already been leveraging the CSA's 'Security Guidance for Critical Areas in Cloud Computing' as a best practices manual for our information security staff," said Dave Cullinane, CISO and VP for eBay, Inc. "We now plan to make this certification a requirement for our staff, to ensure they have a solid baseline of understanding of the best practices for securing data and applications in the cloud."

"Security has been identified as the most significant issue associated with cloud computing adoption," said Melvin Greer, Chief Strategist, Cloud Computing, for Lockheed Martin. "The CSA Certificate of Cloud Security Knowledge (CCSK) will provide a consistent way of developing cloud security competency and provide both organizations and agencies the confidence they need to adopt secure cloud solutions."

"Cloud computing will undoubtedly have a profound effect on information security. Educating and developing talented thought-leaders is a key challenge in solving cloud security issues," said Jerry Archer, CSO for Sallie Mae. "The CSA, in providing a set of goals through the CCSK, is challenging security practitioners to become the cloud thought-leaders we need today and tomorrow to ensure safe and secure cloud environments. In developing the CCSK, CSA is 'setting the bar' for security professionals and providing business executives a means to gauge the opinions and rhetoric associated with security in the cloud."

eBay, Lockheed Martin and Sallie Mae join many other companies, including ING, Symantec, CA, Trend Micro and Zynga in their commitment to adoption of the CCSK. Online testing will be available starting Sept 1st 2010. The CSA will offer discount pricing of $195 through Dec 31st; regular pricing at $295 begins January 1st.

Broad Industry Support

The CSA's CCSK is already gaining broad industry support from numerous organizations:

"The use of cloud services by enterprises for sensitive applications and data is currently constrained by uncertainty and immaturity around security systems and practices," said Matthew Gardiner, Director, CA Security Business. "The launch of CSA's CCSK program is an important step in improving security professionals' understanding of cloud security challenges and best practices and will lead to improved trust of and increased use of cloud services."

"We applaud the CSA's initiative to provide this standard and new certification program to enhance cloud security. For organizations to continue to move their confidential information and critical business processes to the cloud they must have total confidence that the cloud is secure and robust," said Peter Gaffney, Vice President of Systems and Network Operations at CaseCentral. "As the leading cloud-based eDiscovery provider and the first to join the CSA we look forward to helping drive the adoption of this certification standard in the industry."

"Hubspan is committed to providing a secure and reliable cloud computing environment for business integration and to helping companies follow cloud security best practices, of which the CSA's CCSK certification is a great example and one we fully support," said Ian Huynh, vice president of engineering and operations, Hubspan Inc.

"This is the standards effort that the industry has been waiting for," said Guy Churchward, CEO of LogLogic, a leader in SIEM and Log Management. "As our studies have shown, security is the main topic holding back the adoption of cloud computing. With the new CCSK certification program, the CSA is continuing to provide the industry's most comprehensive, prescriptive guidelines for baking security best-practices into new cloud initiatives."

"The CCSK is what is needed to help define and separate security professionals who are interested in making cloud security better," said David Lingenfelter, Information Security Officer at MaaS360 by Fiberlink. "The term 'cloud computing' has so many different meanings it's hard to know if people are just throwing out buzz words or if they truly understand its meaning. The same can be said about cloud security, there is a lot of talk about why cloud computing is insecure and what needs to be done to make it secure. The CCSK program will help provide the comprehensive understanding that is needed going forward."

"A proven understanding and adoption of best practices for protecting and managing user identities in the Cloud are necessary if organizations are to realize the full potential of Cloud Computing," said Ping Identity CTO and CSA Advisory Board Member Patrick Harding. "With CCSK certification, professionals who have Cloud Computing responsibilities can demonstrate thorough Cloud security knowledge based on the CSA's catalogue of security best practices."

"Certificate of Cloud Security Knowledge (CCSK) is a natural step for security, IT and other professionals to demonstrate their awareness of cloud computing based on the Cloud Security Alliance Guidance v2.1," said Randy Barr, CSO of Qualys, Inc. "This certification will address the demand for knowledgeable professionals who can evaluate and implement cloud computing within their organization."

"Solutionary, Inc. is a corporate member of CSA, and has several of their security consultants scheduled for the CSA certification program," Pamela Fusco, VP of industry solutions at Solutionary said. "We are fully committed to promoting the security of cloud computing, be it platform, information, or software based; our mission and CSA's are in lock step."

"The Certificate of Cloud Security Knowledge provides individuals with a solid foundation in cloud security issues and best practices," said Gary Phillips, senior director, technology assurance and standards research, Symantec Corp. "Organizations that leverage this training will be better positioned to get the most out of their investments in cloud computing. In addition, the certification can be a large help with recruitment efforts as organizations can easily qualify the experience of an individual in cloud security if they have earned the CCSK certificate."

"The Cloud Security Alliance's User Certification is a big step forward in ensuring that IT professionals considering deploying applications into the cloud understand security issues," said Todd Thiemann, Senior Director, Datacenter Security for Trend Micro. "The CSA User Certification should help enterprises maintain an adequate security posture in the cloud and understand how to leverage cloud security tools such as Trend Micro Deep Security to protect applications in the private and public cloud."

"Moving to the cloud is a significant risk management decision for CIO and CISOs given unproven security models and reduced indemnification," said Matt Moynahan, CEO, Veracode. "Veracode has long been advocating for independent security verification for the application development and delivery ecosystem and we support the CSA's new user certification program as one of the key pillars for building secure software."

"CSA is pioneering the cloud computing industry by developing programs to ensure that critical security needs are addressed," said Nico Popp, vice president of product development at VeriSign. "With the newly created CCSK certification program, IT professionals and businesses alike will benefit from the knowledge based training, helping to provide greater surety that the appropriate security controls are exercised when cloud based applications are adopted in the enterprise."

"Despite the clear agility and cost saving benefits, there are factors which are holding back Cloud usage," said Mark O'Neill, CTO at Vordel. "These include a deficit of trust and reliability. Enterprises simply do not trust third-parties to protect their sensitive data and connections to Cloud services may be subject to delays and outages. With the new CCSK certification program, the CSA is continuing to provide the industry's most comprehensive, prescriptive guidelines for baking trust and reliability-oriented security best-practices into new cloud initiatives."

"As enterprises move toward cloud computing, they are desperately seeking guidance and education in this new domain," according to Michael Sutton, VP, Security Research at Zscaler. "CSA is bridging this gap and the CCSK provides an important first step in establishing baseline knowledge for individuals tasked with building and managing applications to the cloud."

About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, the Cloud Security Alliance Web site is www.cloudsecurityalliance.org.

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact
Zenobia Godschalk
Email Contact
650.269.8315

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@CloudExpo Stories
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, will describe how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launchi...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
Transforming cloud-based data into a reportable format can be a very expensive, time-intensive and complex operation. As a SaaS platform with more than 30 million global users, Cornerstone OnDemand’s challenge was to create a scalable solution that would improve the time it took customers to access their user data. Our Real-Time Data Warehouse (RTDW) process vastly reduced data time-to-availability from 24 hours to just 10 minutes. In his session at 21st Cloud Expo, Mark Goldin, Chief Technolo...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, will discuss how from store operations...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
The session is centered around the tracing of systems on cloud using technologies like ebpf. The goal is to talk about what this technology is all about and what purpose it serves. In his session at 21st Cloud Expo, Shashank Jain, Development Architect at SAP, will touch upon concepts of observability in the cloud and also some of the challenges we have. Generally most cloud-based monitoring tools capture details at a very granular level. To troubleshoot problems this might not be good enough.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
In the fast-paced advances and popularity in cloud technology, one of the most critical factors revolves around concerns for security of your critical data. How to assure both your company and your customers they can confidently trust and utilize your cloud environment is most often top on the list. There is a method to evaluating and providing security that exceeds conventional modes of protecting data both within the cloud as well externally on mobile and other devices. With the public failure...
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they b...
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optimal end user experience over hybrid-cloud and multi-cloud environments, no matter what the current state of the infrastructure is. To employ a delivery automation strategy that reflects your business rules, making r...
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, will discuss how given the magnitude of today's applicati...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...