8 top cloud security certifications – Channel Asia Singapore


As companies move more and more of their infrastructure to the cloud, they’re forced to shift their approach to security. The security controls you need to put in place for a cloud-based infrastructure are different from those for a traditional datacentre. There are also threats specific to a cloud environment. A mistake could put your data at risk.

It’s no surprise that hiring managers are looking for candidates who can demonstrate their cloud security know-how—and a number of companies and organisations have come up with certifications to help candidates set themselves apart. As in many other areas of IT, these certs can help give your career a boost.

“Cloud security certifications can set professionals up for long-term career success in designing, operating, and maintaining secure cloud environments for today’s enterprises,” says Joe Vadakkan, senior director of services alliances at Optiv. “In addition to the process being a fun learning experience, each certification offers a unique benefit to understanding the security controls, associated risks, and dynamic needs of cloud operating models.”

But which certification should you pursue? We spoke to a number of IT security pros to get their take on those that are the most widely accepted signals of high-quality candidates. These include cloud security certifications for both relative beginners and advanced practitioners.

Top cloud security certifications

We’ve got the details on eight of the best security certifications identified: four that are generalist certifications and four built around specific platforms.

Four good general cloud security certifications…

1. Certificate of Cloud Security Knowledge (CCSK)

Strictly speaking, CCSK, as its name implies, is a certificate rather than a certification, but it still represents a valuable first step on your cloud security career path. “If you have to choose one certification and want (as you should) to understand more of the technical concepts beyond a theoretical level, a CCSK is the way to go,” says Aaron Rosenmund, Director of Security Research and Curriculum at Pluralsight. “It is vendor-agnostic knowledge about securing data in the cloud. It ensures that technologists have the foundational and in-depth knowledge needed—from cloud architecture and infrastructure to data security, key management, identity and access management—to utilise cloud services more securely.”

The CCSK test asks participants to demonstrate knowledge of three key documents: the CSA Security Guidance for Critical Areas of Focus in Cloud Computing, the CSA Cloud Controls Matrix, and the EU Agency for Cybersecurity’s Cloud Computing Risk Assessment. The exam is open book, and you can take it online.

Offered by: Cloud Security Alliance
Prerequisites: None
Test format: 60 multiple choice questions

2. CompTIA Cloud+

Cloud+ is, strictly speaking, a general cloud administration certification rather than a security cert, but it includes extensive cloud security content. Many people we spoke to mentioned it as a way to demonstrate that you understand both the cloud and security’s place in it, including the implementation of cloud security controls and the troubleshooting of cloud security problems. It’s a successor to the CompTIA Cloud Essentials+ cert, and it’s definitely more technical; while there are no formal prerequisites, two to three years of sysadmin experience is recommended.

“Certifications like CompTIA Cloud+ provide a solid understanding of concepts, common vocabulary, and cloud approaches,” notes Dustin Hutchison, PhD, VP of Services and CISO at Pondurance. “However, they do not provide technical-platform-specific job-ready skills.” (We’ll talk about those in more detail in a moment.)

Offered by: CompTIA
Prerequisites: None
Test format: 90 performance-based and multiple-choice questions

3. GIAC Cloud Security Automation (GSA)

The GSA Automation certification may be one of the less well-known certs on this list, but Adam Gordon, Instructor at ITProTV, says that hiring managers recognise its place in the market. Like the other certs we’ve discussed so far, it has no formal requirements, but it is one of the more advanced certs and candidates should probably have three to five years of experience.

The certification is built around the SANS Institute’s Cloud Security and DevSecOps Automation training, and those who take that course can get a discount on the not-insignificant price of the test. The test focuses in particular on securing automated processes associated with CI/CD, and includes material on services specific to AWS and Azure.

Offered by: GIAC
Prerequisites: None
Test format: 75 questions

4. Certified Cloud Security Professional (CCSP)

Almost everyone we spoke to agreed: ISC2’s CCSP is one of the most well-known and respected certifications on the market. Unlike the previous certs we discussed, CCSP is meant for higher-level and more experienced pros, with a requirement for several years of industry employment before you can apply to be certified. “From a general sense of demonstrating cloud security expertise and credibility, I think CCSP is the best,” says Dave Hatter, Cyber Security Consultant at IntrustIT. “It’s vendor agnostic, requires knowledge across critical domains, requires real world experience and comes from one of the most respected cybersecurity organisations in the industry.”

“As an experienced hiring manager, certificates are important, for they show a candidate’s potential for retaining knowledge, but what certificates don’t clearly reflect is the candidate’s ability to apply that knowledge to real-world applications,” adds Chuck Everette, Director of Cybersecurity Advocacy at Deep Instinct. “The CCSP is highly respected due to the requirement that the candidate must have a number of years of paid work experience in the infosec field that actually relates to the topic of cloud security, risk, and compliance.”

Offered by: ISC2
Prerequisites: Five years of paid IT work experience, at least three of which must have been in infosec, and at least one of which must have involved one or more domains in ISC2’s common body of knowledge for cloud security
Test format: 125 multiple-choice questions

