Cloud training courses offer state and local government agencies the opportunity to build up their employees’ cloud skills, within the IT realm and beyond. But if CIOs and IT leaders want their employees to attain a certain level of proficiency with cloud technologies, they can have them take courses to achieve cloud certifications.
There are numerous options for government IT workers if they want to attain cloud certifications for cloud architecture and cloud security.
“Training is the most important thing we can provide as managers to our employees, looking at our ever-changing landscape in technology” says Wesley Simpson, COO of (ISC)², a nonprofit organization that specializes in training and certifications for cybersecurity professionals. “The bad news is there is no one silver bullet. There is no one fix.”
There are several cloud certifications that are industry standards, such as the Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP), as well as cloud certifications that are specific to different cloud service providers. Regardless of which avenue an agency IT leader goes down, getting staff trained and certified in cloud services is key, Simpson says.
“You have got to invest in your team. You have got to invest in your staff,” he says. “There is no one-size-fits-all approach. You’re going to want to tailor it to the individual as well as to the environment that you are trying to solve. It could be anything from hands-on training to a certificate to a certification to a degree. The more diversity you have in training on your team, the better.”
Cloud certifications are likely going to become more important in the years ahead. Gartner expects double-digit growth in government use of public cloud services, with spending forecast to grow 17.1 percent on average per year through 2021. According to the research firm, local governments spend roughly the same amount of their IT budgets on cloud as companies across all industries, at a little more than 20 percent.
Why Cloud Certifications Are Important to State and Local Government
Simpson says that the “the great thing” about certifications is that they provide “a certain level of proficiency. It really trues up and brings forth a lot of the common lexicons and terminology and frameworks and standards associated with that infrastructure around the cloud environment.”
Attaining a CCSP or CISSP certification will not make an IT staff member an expert overnight in cloud, Simpson says. “But it’s going to expose you to a level where you’re going to be able to have more confidence, more clarity and overall, a general understanding of the cloud infrastructure.”
IT staff members can then obtain a deeper immersion and understanding within cloud security or architecture domains with additional courses or certifications. Within the CCSP program, those domains include architectural concepts and design requirements, cloud data security, cloud platform and infrastructure security, cloud application security, operations, and legal and compliance.
Cloud certification enables agencies’ IT teams to focus on an ever-evolving challenge to balance reliability, security and compliance requirements, Simpson says.
Certifications help IT staff “ask the smart questions, ask the right questions of all environments, and they help to provide a basis for solving them,” Simpson says.
As agencies are working with cloud vendors like Microsoft and Google, certifications allow staff members to “stand toe-to-toe with them and truly understand” the services they are providing, the risk and vulnerabilities that need to be taken into account, and which party has responsibility for data and governance, Simpson says.
“It does bring your team up to that level of proficiency that they should be able to continue to build upon and mature their skill level,” Simpson adds. Having a team with a diverse array of certifications and experience is important, he says.
Cloud certifications help build up confidence in both IT leaders and their staffs. “As a manager, I want to have the confidence that my team knows how to support and maintain these third-party systems that are hosted. A lot of IT teams think, ‘Well, if we just put it in the cloud, we’re done.’ And that’s not the case. They’re not done. There are still a whole host of services that the internal IT teams and security teams still need to perform.”
Which Cloud Certifications Are Key for State and Local Government?
According to (ISC)² research, the No. 1 sought-after cloud certification for 2019 is the CCSP, Simpson says. Provided by (ISC)², Simpson notes that the organization’s certification is vendor-neutral. “We’re really looking more at the fundamentals and basics of cloud security and not tying it down to a particular vendor,” he says. “We teach the skills that can correspond and transcend across any architecture and infrastructure, no matter which technology you have aligned with.”
The CCSP “recognizes IT and information security leaders who have the knowledge and competency to apply best practices to cloud security architecture, design, operations and service orchestration,” according to (ISC)². It is ideal for “experienced, high-achieving IT and information security professionals who work in and/or consult about cloud platforms.”
The second big certification to look at is the Certificate of Cloud Security Knowledge, which is offered by the nonprofit Cloud Security Alliance. The CSA says that the CCSK helps IT staff validate “competence gained through experience in cloud security” and demonstrate “technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards.”
Since the CSA first released the CCSK in 2010, “thousands of IT and security professionals have taken the opportunity to upgrade their skillsets and enhance their careers by obtaining the CCSK,” the CSA states.
A third certification Simpson recommends is the Certified Cloud Security Specialist (CCSS), offered by the firm Global Science and Technology Forum. Simpson notes it is a more basic certification focused on risk and risk assessment of the cloud.
The CCSS is a three-day “intensive training program” with project work components that focus on cloud computing with respect to its security aspects, according to the Global Science and Technology Forum. The CCSS gives users knowledge about cloud security issues from an architectural design perspective, and also covers cloud computing security taxonomies for architectural and technological security as well as process and governance-related security.
A fourth certification is the Professional Cloud Security Manager (PCS), offered by the Cloud Credential Council, which enables users to “understand how to secure the different cloud computing services and deployment models and also how to design security in the cloud infrastructure, configurations, and applications running within a cloud computing environment.”
And a fifth, Simpson noted, is the Certified Integrator Secure Cloud Services certification, offered by Exin, a more technical certification that brings an “IT service management flavor into that security realm,” Simpson says.
As CIO notes, those are not the only cloud certifications to go after, and there are several that are vendor-specific.
How to Decide Which Cloud Certifications Are Right for Your Team
When deciding which cloud certifications employees should seek, state and local government IT leaders need to first assess their operating environment and ensure they have qualified cloud security professionals in place at all levels, Simpson says. Once they know the areas in which they are strong and in which they are weak, they can determine which certifications can help close the gap.
“It may not all come from just one area,” Simpson says. “You may have various needs, and that may take various training platforms or certifications in order to fulfill.”
“Part of it is just having that open and mature and professional conversation with your yourself and with your team and with your organization,” he adds. “Really, where are we on the process, the maturity on the cloud lifecycle? And how do we make the best use of our staff as well as our funds in order train our employees to the most effective asset” for the organization?
Once employees get certifications, they need to be able to build on that into continuous, lifelong learning to enhance their skills over time. “What you don’t want to create is a team of paper dragons,” Simpson says, meaning a team of IT users that has passed their certifications and done nothing more.