What is the Certificate of Cloud Security Knowledge (CCSK) Exam?
The organizational shift of attention towards cloud security was first recognized by the Cloud Security Alliance (CSA) seven years ago, and
hence they launched the Certificate of Cloud Security Knowledge (CCSK) certification program in 2011 for cyber security professionals.
The Certificate of cloud security knowledge is a knowledge-based certification. The most interesting fact is that the examinee does not need to
carry any formal experience in the domain and the pre-requisite is only to demonstrate knowledge on the cloud security topics covered in the
certification guideline. The certificate is designed by the world’s thought leaders and ensures that the certificate holder is credible to face the
challenges related to cloud security for any vendors.
The Certificate of cloud security knowledge helps a cloud professional to:
• Prove his/her competence achieved through experience in cloud security
• Demonstrate the technical expertise, abilities, and skills, to develop a holistic cloud security environment effectively by maintaining
the globally accepted standards
• Stand out from the crowd to grab desirable employment in the fast-pacing cloud job market
• Gaining access to valuable career resources, such as networking, tools, and ideas exchange with others.
The CCSK exam is a web-based exam that anyone can take from anywhere. Hence, it can be considered an open book exam. However, the depth
of the questions is very high which validate the practical knowledge of the candidate for various real-time cloud security issues and best
practices to handle them.
This cloud security certification is designed to leverage the broader foundation of knowledge on cloud security where the topics focus on

• Cloud architecture
• Governance
• Security compliance
• Operations
• Encryption
• Virtualization, and much more.
What are the benefits of earning your CCSK?
□ Prove your competency in key cloud security issues through an organization that specializes in cloud research.
□ Increase employment opportunities by filling the skills-gap for cloud-certified professionals.
□ Demonstrate your technical knowledge, skills, and abilities to effectively use controls tailored to the cloud.
□ Learn to establish a baseline of security best practices when dealing with a broad array of responsibilities, from cloud governance
to configuring technical security controls.
□ Complement other credentials such as the CISA, CISSP and CCSP.
SECURITYAS A SERVICE (SECaaS)
DEFINITION: Security as a service (SECaaS) is an outsourced service wherein an outside company handles and manages your security. At its
most basic, the simplest example of security as a service is using an anti-virus software over the Internet.
With security as a service, security solutions are no longer delivered locally, where your IT department installs virus protection software, spam
filtering software, and other security tools on each machine or on the network or server in your workplace, keeping the software up-to-date or
telling them to use it. The old way of doing things is also expensive; you have upfront costs for hardware as well as continuing costs for licenses

to allow you to use the software. Instead, security as a service allows you to use the same tools using only a web browser, making it direct and
affordable.
BENEFITS OF SECURITYAS A SERVICE
There are a lot of advantages to using a security as a service offering. These include:
1. You work with the latest and most updated security tools available. For anti-virus tools to be effective and useful, they need to work with
the latest virus definitions, allowing them to stomp out threats, even the newest ones. With security as a service, you’re always using tools that
are updated with the latest threats and options. This means no more worrying that your users are not updating their anti-virus software and
keeping other software up to date to ensure the latest security patches are in use. The same case goes for updating and maintaining spam filters.
2. You get the best security people working for you. IT security experts are at your beck and call, and they may have more experience and a
better skillset than anybody on your IT team.
3. Faster provisioning. The beauty of as-a-service offerings is that you can give your users access to these tools instantly. SECaaS offerings
are provided on demand, so you can scale up or down as the need arises, and you can do so with speed and agility.
4. You get to focus on what's more important for your organization. Using a web interface or having access to a management dashboard
can make it easier for your own IT team to administer and control security processes within the organization.
5. Makes in-house management simpler. If you have protected data, it is not enough to just keep it secure. You should know when a user
accesses this data when he or she does not have any legitimate business reason to access it.

5. Save on costs. You do not have to buy hardware or pay for software licenses. Instead, you can replace the upfront capital with variable
operating expense, usually at a discounted rate compared to the upfront costs.
EXAMPLES OF SECURITYAS A SERVICE OFFERINGS
Security as a service encompasses security software that are delivered on the cloud, as well as in-house security management that is offered by a
third party. Some of the solutions that you can avail touch on several categories, as outlined by the Cloud Security Alliance:
• Disaster recovery and business continuity. Tools that help you make sure that your IT and operations are back in no time when disaster
strikes.
• Continuous monitoring. Tools that allow you to manage risks continually by monitoring the security processes that are in place.
• Data loss prevention. Tools that protect, monitor, and verify the security of all of your data, whether they are in storage or in use.
• Email security. Protects your business from phishing, spam, and malicious attachments.
• Encryption. Makes your data unreadable unless it is decoded using the right numerical and cryptographic ciphers.
• Identity and access management. Provides authentication, access intelligence, and identify verification & user management tools.
• Intrusion management. Detects unusual events and behaviors using pattern recognition technology. These tools not only detect intrusions;
they also help you manage them.
• Network security. Tools and services that help you manage network access and distribute, protect, and monitor network services.
• Security assessment. Audits the current security measures you have in place to see if these are compliant with industry standards.
• Security information and event management. Tools that aggregate log and event information, which can be analyzed in real time to help
you detect possible anomalies and intrusion.
• Vulnerability scanning. Detects any vulnerability in your network or IT infrastructure.
• Web security. Gives you protection for online applications that are accessed by the public in real time.