FOREWORD

Technology today can seem like a dizzying carnival ride. It moves fast, changes directions without notice, and if you aren’t thinking about security, you can get hurt. Cloud computing is undoubtedly one of our most important and pervasive technologies. The cloud, in many ways, is the backbone of our global economy; it is used by consumers, businesses, and governments every day and has supplanted traditional, on-premises IT to a large degree. The idea of consuming compute as an on-demand service is compelling for organizations of all sizes and will only grow.

Securing the cloud is one of the most important mandates of the broader cybersecurity industry. The Cloud Security Alliance was formed in 2009 to address this issue and to create fundamental security best practices and educational programs to achieve this goal. CSA has grown into one of the most important security organizations worldwide, with more than 100 chapters and offices on five continents. CSA developed the Certificate of Cloud Security Knowledge (CCSK) to provide a competency benchmark for IT and security professionals to assure that they have the right set of skills to take all of the appropriate actions to secure the cloud computing they interact with. The CCSK is highly lauded, has won numerous awards, and is often a requirement for many positions.

Today, we are facing a critical skills gap in cybersecurity. Many studies have shown that the global gap in cybersecurity professionals literally runs into the millions. Of the professionals who are employed in our industry, a large number need to upgrade their skills from traditional on-premises IT security to the dynamic world of cloud computing. The CCSK is one of the keys to a better, more lucrative career.

Why is cloud security knowledge unique? Because cloud computing changes constantly and has a unique shared responsibility model, and the security best practices that must be employed have a great deal of nuance compared to those required for a computer that an administrator has complete control over. For example, performing vulnerability scans on traditional systems must be carefully coordinated to ensure that results are accurate and that other production systems are not impacted. On the other hand, the cloud has a tremendous number of new automation capabilities that can make many existing problems, such as patch management, much easier to address at scale. DevSecOps is a term describing a radical new approach to coordinated security with these new tools. It is important for you to understand the security differences in the cloud for operations, risk management, and, ultimately, for compliance with the plethora of security and privacy requirements.

To help meet these challenges, I am delighted to endorse this McGraw-Hill publication, the CCSK Certificate of Cloud Security Knowledge All-in-One Exam Guide, authored by CCSK trainer Graham Thompson. The CSA team has worked closely with McGraw-Hill to ensure that this book is a comprehensive guide to version 4 of the CCSK. Readers will be introduced to a diverse set of topics that make up the full body of knowledge that is the CCSK. Readers will be provided with everything needed to attempt and pass the examination for the CCSK. They will even receive a discount code to take the test at a reduced price!

For Cloud Security Alliance, a not-for-profit association with deep roots in the cybersecurity industry, raising the bar in how we protect the world’s information is more than a vocation—it is a passion. We truly believe that a few experts reading this tome may play an outsized role in saving our digital world. Thank you for choosing this book, and good luck in achieving the Certificate of Cloud Security Knowledge.

Jim Reavis
CEO, Cloud Security Alliance