Cloud Security Alliance announces new Zero Trust security credentials

The Cloud Security Alliance (CSA) on Wednesday raised the curtain on new certification and training materials to enable security professionals to build the knowledge they will need to implement and manage a Zero Trust strategy in their organizations. “From industrial control systems to cloud computing to generative artificial intelligence, the world of pervasive technology has moved beyond legacy security models,” Jim Reeves, co-founder and CEO of CSA, said in a statement. “This is clearly the way forward, and we expect almost all organizations to apply this strategy to diverse technology environments in order to protect strategic assets and prevent breaches,” he continued.

According to the CSA, the new Certificate of Competency in Zero Trust (CCZT) will provide the holder with an in-depth understanding of the Zero Trust architecture, its components and how it works. It also includes foundational Zero Trust best practices from leading trusted sources like CISA and NIST, innovative work on software-defined perimeter (SDP) by CSA Research, and guidance from Zero Trust experts like John Kindervag, founder of CSA Research. Zero trust philosophy.

Certifications create a baseline of knowledge and competence

By launching its own certification program, the CSA is stepping into territory that has become muddy over time. “Zero Trust is a compelling construct that, if implemented correctly, provides significant security value to the organizations that adopt it,” says Nick Edwards, vice president of Menlo Security, a Zero Trust web security company. “Unfortunately, like many things in the technology industry, industry frameworks are overrated and abused by the vendor community, leading to dilution of value and general skepticism toward the original idea.”

“Certifications can be a good way to create a foundation of knowledge and competency that helps organizations properly implement Zero Trust and focus on the ‘signal’ from the ‘noise,’” Edwards adds.

Wayne Hankins, senior director of security and risk management at Gartner, agrees. “The cybersecurity paradigm is often obscured by vendors who present their products as single (zero-trust) solutions,” he says. “To implement a zero trust strategy in-house without getting caught up in vendor noise, organizations will need guidance from experienced thought leaders.”

More zero trust certificates are needed

It may take some time, but certification programs will have an impact on the spread of Zero Trust strategies. “This certification program will not have an immediate impact on the adoption of zero trust architectures because cybersecurity investments are not aligned with existing corporate incentives,” says Shane Miller, a senior fellow at the Atlantic Council’s Cyber ​​Statecraft Initiative. “There is dramatic global change on the horizon, led by organizations like CISA in the US, that will begin to address this imbalance.”

“Distrust is a change in company culture, and like any culture change, it can only succeed if the results are understood and evaluated,” Miller adds. “We still have a lot of education and advocacy to do on Zero Trust principles and architecture, and initiatives like this certification program are incrementally moving stakeholders forward. We need more programs like Zero Trust Competency Certification.”

The low cost of the certification makes it ideal for beginners

The key to industry-wide recognition and acceptance will be in enterprise adoption, says Dean Webb, solutions architect at Merlin Cyber, a provider of cybersecurity, identity and access management solutions. “As companies add the CCZT to their list of sought-after and sought-after certifications, it will generally push IT professionals to look to the certification as a gateway to future opportunities. When that happens, companies will adopt more zero trust practices simply because they have employees on hand that understand them and want to see them.” In their place.”

Webb praised CSA’s decision to offer all CCZT training materials free online. “The low overall cost of the certification makes it ideal for beginners who have their own personal goals,” he says. “People in other areas of IT who are looking to get into security would be better off grabbing it.”