If you've begun discussing cloud computing solutions with your customers, no doubt you've heard a number of common enterprise objections to the cloud. One of those objections is likely related to security. Thanks to the high data privacy and security standards imposed by regulations like HIPAA, HITECH, SOX, GLBA, and PCI DSS, and thanks also to a year of headlines around foreign and domestic spying on major cloud service providers (CSPs) like Google and Microsoft, security concerns are top of mind among enterprise IT decision-makers.
There are technologies available to address most security and privacy concerns and ways of enhancing cloud computing security in particular, but in order to convince the more nervous IT exec, you'll have to be more than a salesperson. Instead, you'll have to become a trusted technology and security advisor. And one of the best ways to earn your customers' trust when it comes to cloud security is to get a cloud security certification, such as the Certificate of Cloud Security Knowledge (CCSK) offered by the Cloud Security Alliance.
A cloud security certification like the CCSK will demonstrate a thorough and comprehensive knowledge of all things cloud security-related. The CCSK exam covers architectural concepts like the NIST definition of cloud computing, definitions of cloud service brokers, and key points on service level agreements (SLAs). It also tests your knowledge of risk management, a particularly important area when dealing with organizations leery of adopting cloud computing for their more mission-critical applications or more sensitive or protected data. Studying for the CCSK will give you a solid background in the legal issues around cloud computing, such as data location and residency requirements and subcontractor liability.
Of particular importance to VARs whose customers struggle with compliance issues will be the CCSK's coverage of compliance and audit management topics. The CCSK covers the compliance impact on cloud contracts and compliance analysis requirements, among other key points—having a cloud security certification that demonstrates your expertise in key areas can go a long way towards assuaging compliance concerns.
For your purposes, the meat of the CCSK and other cloud security certifications will be the sections dealing with information management and data security in the cloud. As you prepare for a cloud security certification, you'll learn about the data security lifecycle and its key elements, your options for protecting data, the role of Data Loss Prevention (DLP), and the uses of encryption in Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) environments. And when it comes to the CCSK, you'll also get a refresher on more traditional security, business continuity, and disaster recovery topics like perimeter security and customer due diligence.
A CCSK or other cloud security certification won't be handed out instantly or for free, of course. The CCSK exam currently costs US $345, which covers two attempts to pass, and you'll most likely have to devote a significant amount of time to prepare for it. If your customers have reservations about cloud computing, the additional credibility that a cloud security certification confers will be worth it. And if you have additional questions, Ingram Micro information security and business development specialists are ready to help.
Are you planning to get a cloud security certification? Tell us why, or why not, in the comments.