Why Hiring CCSPs Will Help the C-Suite Sleep at Night

A few short years ago, cloud computing was considered a relatively new concept inherent with risks that many IT professionals weren’t comfortable taking. I’ll avoid the debate about who coined the term cloud computing, but I’m old enough to remember how we formerly referenced the cloud in telecommunications as a way to simplify and abstract the details of the external network that’s connected to internal devices. Today, the concept of cloud computing is intended to simplify communication by eliminating the need to know all of the specifics of the cloud provider’s underlying software and infrastructure. The cloud provides benefits to businesses and consumers alike by offering consolidated services, quicker delivery time and decreased costs.

As we look toward the future of IT, cloud computing hovers over us at the forefront. Adoption rates are soaring, and cloud computing must integrate with in-house IT infrastructure and data assets. According to nearly 14,000 respondents from the 2015 (ISC)² Global Information Security Workforce Study (GISWS) by Frost & Sullivan, 43 percent state that cloud is a priority for their organizations and 57 percent of total respondents state it will become even more of a priority over the next two years.

Though it may be obvious to some, the growing adoption of cloud services will increase the demand for security professionals who can apply the proper controls to public, private, community and hybrid cloud models. Cloud computing was identified as the top area of information security with growing demand for education and training within the next three years, according to the (ISC)² GISWS. IT professionals who understand how cloud services can be securely implemented and managed within their organization’s IT strategy and governance requirements are essential. In fact, 73 percent of GISWS respondents believe leveraging cloud-based solution and services will require information security professionals to develop new skills.

(ISC)² and the Cloud Security Alliance (CSA) teamed up in an effort to address the need to establish a common global understanding of professional knowledge and best practices in design, implementation, management and service orchestration of cloud computing systems. CSA’s Certificate of Cloud Security Knowledge (CCSK) provides a very solid baseline of cloud security. Working together, (ISC)² and CSA developed a cloud security credential for those requiring a deeper understanding and demonstrated experience. The Certified Cloud Security Professional (CCSP^SM) validates that professionals have met the highest standard for cloud security expertise. The combined initiative addresses the expanded information security complexities as organizations begin to leverage cloud-based infrastructure, software and services more frequently.

So why should organizations take note? With breaches rife and the C-suite increasingly aware of the implications of inadequate security, hiring CCSPs will help the C-suite sleep at night. Companies will benefit from employing CCSPs because they possess the knowledge, skills and abilities needed to address the security and business issues associated with the complexities of cloud computing. CCSP is vendor-neutral and requires practical knowledge and skills covering a broad set of cloud security capabilities necessary for cloud professionals to effectively carry-out their responsibilities and contributes to the overall security of their cloud environment.

Those in the C-suite at organizations who have decided to take advantage of recurring savings related to leveraging cloud solutions and services should consider what a modest investment in staff training and certification could mean for near-term and long-term success in relation to recurring operating cost savings, while ensuring cloud security best practices. Cloud security should be more of a science than an art. Leveraging the cloud should be predictable and repeatable, versus becoming an area of self-expression across an organization’s business units.

Had I been able to employ CCSPs during my early cloud implementation days, I know I certainly would’ve slept easier at night. For more information about CCSP, please visit https://www.isc2.org/ccsp/default.aspx.
-David Shearer, CISSP, PMP, CEO, (ISC)²