CCSP
The CCSP certification is internationally recognized and represents the pinnacle in cloud security knowledge. It was co-created by (ISC)² and the Cloud Security Alliance (CSA), two of the most respected cloud computing security organizations. The certification responds to the growing demand for trained and certified cloud security professionals. A CCSP demonstrates expertise in cloud security architecture, design and operations, as well as information security expertise in a cloud computing environment. This professional competence is evaluated against an internationally recognized body of knowledge.
Domains of CCSP
CCSP includes six domains.
Domain 1: Cloud Concepts, Architecture and Design (17%)
Domain 2: Cloud Data Security (19%)
Domain 3: Cloud Platform & Infrastructure Security (17%)
Domain 4: Cloud Application Security (17%)
Domain 5: Cloud Security Operations (17%)
Domain 6: Legal, Risk, and Compliance (13%)
This blog will focus on the second domain, Cloud Data Security.
Cloud Data Security
Cloud Data Security is the second domain of CCSP. It covers the central portion of the CCSP exam and carries a weight of 19%. It focuses on:
Describing Cloud Data Concepts
Cloud Data Storage Architecture Design and Implementation
Designing and applying data security strategies and technologies
Data Discovery
Implementing Data Classification
Designing and Implementing Information Rights Management (IRM)
Understanding the Cloud Data Lifecycle
This section helps us understand the data lifecycle. Its phases are commonly abbreviated as CSUSAD, which stands for Create, Store, Use, Share, Archive and Destroy. Data exists in three states:
Data in Transit (DIT).
Data in Use (DIU).
Data at Rest (DAR).
To ensure security at these stages, it is important to understand how the organization maps to each stage of the data lifecycle. The CCSP is developed by the Cloud Security Alliance (CSA), which provides guidance on the Cloud Data Lifecycle. Candidates who wish to become CCSP certified must be familiar with the phases of the Cloud Data Lifecycle and the data protection tools that are used to execute them. The data lifecycle also includes data dispersion, which is used to ensure redundancy and robustness.
Cloud Data Storage Architectures: Designing and Implementing
This section explains the various types of cloud storage services that are available. They vary according to the service model. This section of the CCSP covers all aspects of cloud storage. You will need to be familiar with the different storage types (ephemeral, long-term, and raw-disk) and the storage types we use in SaaS and PaaS. We are taught about the benefits and drawbacks of these storage options. We also learn about the potential threats to each type of storage (unauthorized access, unauthorized usage, liability due to regulatory non-compliance, etc.). These threats can be addressed and mitigated using encryption and other technologies.
Designing and applying data security strategies
This section is the most important from an exam perspective. This section teaches us about the different data-protection tools available and how to use them. We will learn about:
Key management and encryption: Symmetric and Asymmetric encryption, ECC, RSA and AES
Hashing
Masking: Dynamic and static masking
Tokenization
Data Loss Prevention (DLP)
Data Obfuscation
Data De-identification and new and evolving cryptography-related technologies.
Understanding and Implementing Data Classification Techniques
This section explains the various methods of finding data in a cloud environment. It also teaches you how to properly classify data. It’s about analyzing data value based upon its criticality and sensitivity. We learn about:
Mapping: This involves mapping sensitive data