The Cloud Security Alliance (CSA) has unveiled a pioneering zero-trust security credential, designed to establish benchmarks and encourage best practices in the rapidly evolving field of security technology.
On Wednesday, CSA announced this groundbreaking credential along with comprehensive training resources, aimed at equipping security experts with the necessary skills to devise and manage zero-trust frameworks within their organizations. “In an era where traditional security models are being outpaced by advancing technology, from industrial control systems to cloud computing and generative AI, zero-trust’s philosophy of 'never trust, always verify' is becoming increasingly essential,” remarked CSA co-founder and CEO Jim Reavis. He emphasized the growing trend of applying zero-trust principles across various technological landscapes to safeguard critical assets and prevent security breaches.
The newly introduced Certificate of Competence in Zero Trust (CCZT) promises to offer an extensive understanding of zero-trust architecture, its elements, and functionality. This certification incorporates fundamental zero-trust best practices endorsed by leading authorities such as CISA and NIST, CSA Research’s innovative approaches to the software-defined perimeter (SDP), and insights from zero-trust pioneers like John Kindervag.
Setting a Standard of Proficiency with CertificationsCSA’s move to launch this certification addresses the increasingly complex zero-trust landscape. Nick Edwards, vice president of Menlo Security, notes that while zero trust offers significant security benefits when implemented correctly, its value is often diluted by over-hyped industry frameworks. “Certificates can establish a foundational level of knowledge and skill, enabling organizations to discern effective zero-trust strategies amidst the noise,” Edwards comments.
Wayne Hankins, Gartner's Senior Director for Security and Risk Management, echoes this sentiment. He highlights the confusion caused by vendors promoting their products as complete zero-trust solutions and stresses the need for guidance from seasoned experts to navigate these claims effectively.
The Future Landscape: A Surge in Zero-Trust CertificationShane Miller, a senior fellow at the Atlantic Council’s Cyber Statecraft Initiative, believes that the impact of such certification programs on zero-trust adoption will be gradual. He points out the current misalignment of cybersecurity investments with corporate incentives, a gap that entities like CISA are beginning to bridge.
The Accessibility and Impact of Low-Cost CertificationDean Webb, a solutions engineer with Merlin Cyber, underscores the potential of corporate recognition in driving the credential's industry-wide acceptance. He anticipates an increase in IT professionals seeking the CCZT certification, leading to more widespread implementation of zero-trust practices.
Webb also commends CSA’s decision to offer the CCZT training materials for free online, highlighting its affordability and appeal to ambitious individuals seeking to transition into security roles. This strategic move positions the CCZT as an accessible stepping stone for those aiming to delve into the security domain.
