Top 12 cloud security certifications

Since publishing our list of top cloud security certifications in 2021, the sector has changed dramatically. Our new recommendations reflect these sweeping changes so that cloud security professionals can find the ideal certification for them.

This ideal certification will vary from person to person. Some might prefer to focus on one of the cloud providers that is challenging incumbent market leaders like Amazon Web Services (AWS) and Azure, such as by taking the Alibaba Cloud Academy Security Associate certification.

Others prefer to focus on cloud security related to emerging technologies. Azure AI Engineer Associate offers just this opportunity: training candidates on developing and securing AI applications end-to-end.

Still, other professionals may wish to specialize in a particular area of cloud security. These professionals might be interested in GIAC Cloud Threat Detection (GCTD), a new offering that addresses the need for upskilling and credentialing in threat mitigation.

No matter your interests, you’ll find a certification right for you.

Which cloud security certification is best for you

Each cloud security certification has dozens of attributes, but only a handful should matter in your decision-making. These dimensions should guide your thinking on which cloud security certification to prioritize:

• Vendor-neutral vs. vendor-specific: Some platforms provide best practices that apply to all cloud environments, whereas others dive deeply into the nuances of a specific provider. The critical question is whether you want your credentials to be more general or specialized.

• Training and exam costs: Cloud security certifications have a broad range in training and exam pricing, making cost a salient issue. For example, at US$4,995 per year for the required Oracle Cloud Applications Learning Subscription, the Oracle cloud certifications are a significant investment. No matter the price, professionals must examine whether the credential’s potential ROI can justify the upfront costs.

• Recommended preparation: Some cloud security certs have firm prerequisites, but most provide only recommendations for experience and background. Professionals should consider these guidelines closely to ensure they get the most out of each certification.

• Time commitment: Training varies significantly for each certification. On the shorter end, the IBM Cloud Security Engineer Speciality’s learning path takes only 11.1 hours, while others are a multiple of that. Professionals should choose the certification that matches their schedule and available time.

• Training and exam modalities: Training modalities vary from on-demand videos to instructor-led onsite sessions. Professionals should prioritize certifications that offer modalities that best match their learning style. Professionals should also choose the exam structure that plays to their strengths. For example, a cloud specialist who does poorly with live coding may want to avoid the Certified Kubernetes Security Specialist, culminating in a proctored exam built around a command line running Kubernetes.

Top 12 cloud security certifications

• Alibaba Cloud Academy Security Associate
• AWS Certified Security — Speciality
• Google Professional Cloud Security Engineer
• IBM Cloud Security Engineer Speciality
• Microsoft Azure AI Engineer Associate
• Oracle Cloud Infrastructure 2023 Security Professional
• Certificate of Cloud Security Knowledge (CCSK)
• Certified Cloud Security Professional (ISC2-CCSP)
• Certified Kubernetes Security Specialist
• CompTIA Cloud+
• EC-Council Certified Cloud Security Engineer
• GIAC Cloud Threat Detection (GCTD)

To help facilitate your choice in certs, we have broken our list into two main sections: vendor-specific and vendor-neutral certifications.

Vendor-specific certifications

Alibaba Cloud Academy Security Associate

Alibaba Cloud Academy offers the ACA Security Associate, which focuses on Alibaba Cloud Security products, such as ServerGuard and Anit-DDoS basic. This certification is ideal for software and operations engineers using Alibaba Cloud Security products. The video-based preparation course covers network fundamentals, network security, data security, and other topics and takes approximately 8 hours to complete. Candidates must pass the exam with a minimum of 60 out of a 100 score. Candidates who pass get a certificate, badge, access to the community, and even job recommendations. Certificate holders can obtain the ACP Cloud Security Professional as their next certification.

Training fees: US$199

Exam fees: US$120

AWS Certified Security — Speciality

Although Amazon Web Services has more competition than ever, its AWS Certified Security — Speciality is still an in-demand certification. The certification is ideal for cloud architecture, database, networking, and DevSecOps professionals. The certification covers data classifications, data protection mechanisms, data encryption methods, and secure internet protocols through the lens of relevant AWS cloud mechanisms. There is a free preparation standard course that takes 6.5 hours to complete. The exam consists of 65 multiple-choice or multiple-response questions that can be taken with a proctor online or onsite. Certificate holders may want to pursue other AWS certifications after this one, such as AWS Certified DevOps Engineer — Professional or the AWS Certified Advanced Networking — Specialty.

To qualify for the exam, you should have five years of IT security experience, including at least two securing AWS workloads.

Training fees: The standard preparation course is available for free. AWS also offers an enhanced preparation course more than twice as long in duration that is included in an AWS Skill Builder subscription, which begins at US$29 per month.

Exam fees: Prices vary by country or region. In the United States, the exam is US$300.

Google Professional Cloud Security Engineer

Google offers Professional Cloud Security Engineer for cloud security engineers who want to use Google Cloud technologies to design, develop, implement, and manage workloads and infrastructure. Candidates can prepare for this certification through a learning path comprising 16 activities, beginning with a tour of Google Cloud and culminating in a course on threat mitigation with the Security Command Center. The 50- to 60-item exam takes 2 hours and can be in online- or onsite-proctored formats. The certification is valid for two years, and candidates must recertify by retaking the exam.

To qualify for the exam, you should have three years of industry experience, including at least one year using Google Cloud.

Training fees: Learning path available for free

Exam fees: US$200

IBM Cloud Security Engineer Speciality

IBM training administers the IBM Cloud Security Engineer Speciality, part of the IBM Professional Certification Program. Spanning 11.1 hours, this learning path covers access control, security solution configuration, securing infrastructure, and Kubernetes services, all with IBM Cloud. This certification is ideal for security engineers who maintain an organization’s security posture, respond to security incidents, and implement best practices. To pass the 44-item exam, candidates must correctly answer at least 24 questions. Candidates who pass the exam receive a digital badge that can be displayed on social networks such as LinkedIn.

Training fees: Learning path and study guides and flashcards from IBM Cloud Prep are free.

Exam fees: US$100

Microsoft Azure AI Engineer Associate

Microsoft offers numerous certifications specific to security, such as the Azure Security Engineer Associate. While these provide a strong foundation, the hottest security certification at Microsoft may be the Azure AI Engineer Associate, which is targeted toward AI engineers who need to build or integrate secure AI solutions through Azure AI. The preparatory course takes an estimated four days and covers Azure AI Services, Azure AI Search, and Azure OpenAI. The proctored online exam takes 100 minutes; certificate holders must recertify every 12 months by taking a renewal assessment.

To qualify for the exam, you should have familiarity with Azure and programming experience in C# or Python.

Training fees: Free

Exam fees: Prices vary by country or region. In the United States, the initial exam costs US$165. The renewal assessment is free.

Oracle Cloud Infrastructure 2023 Security Professional

Oracle University offers Oracle Cloud Infrastructure 2023 Security Professional. This certification targets professionals securing their organization’s Oracle Cloud Infrastructure environment. The 26-hour learning path covers identity and access management, network security, database workloads, security operations, and compliance frameworks through OCI services and features. The 90-minute exam consists of multiple-choice questions and hands-on challenges; candidates need at least 60% to pass. The exam will be phased out on July 15, 2024, in favor of Oracle Cloud Infrastructure 2024 Security Professional, its next update on the credential.

To qualify for the exam, you should have two years of IT security experience, including at least six months using Oracle Cloud Infrastructure.

Training fees: To take the Cloud Security Professional (2023) learning path, candidates need an Oracle Cloud Applications Learning Subscription, which costs US$4,995 per year.

Exam fees: US$245

Vendor-neutral certifications

Certificate of Cloud Security Knowledge (CCSK)

As a certificate and not a certification — an important distinction — the Cloud Security Alliance (CSA) positions its Certificate of Cloud Security Knowledge as the foundation for future credentials and upskilling in the sector. From this perspective, the CCSK is helpful for cybersecurity analysts, compliance managers, security engineers, architects, and administrators. This vendor-neutral certificate covers topics in cloud incident response, application security, data encryption, and more. CCSK offers a variety of training modalities, including an exam prep kit, instructor-led classes offered virtually and in person, and an online self-paced option. Candidates must score at least 80% on the exam, randomly pulling 60 multiple-choice questions from a test bank. A new version of this certificate will be offered beginning July 2024.

Training fees: Prices vary based on modality. A course bundles the exam for US$795, and online, instructor-led training begins at €1160.

Exam fees: The exam costs US$599, though discounts are available for corporate members, and US military veterans can take it for free.

Certified Cloud Security Professional (ISC2-CCSP)

International Information System Security Certification Consortium (ISC2) offers the Certified Cloud Security Professional. In its 2Q 2024 “IT Skills Demand and Pay Trends Report,” Foote Partners determined that this certification is one of the most prized among employers, delivering an average pay premium of 11% for the cloud architects, engineers, consultants, and administrators. ISC2-CCSP covers six modules, including cloud concepts, architecture, and design, and goes up to legal, risk, and compliance. The US Department of Defense also approves the certification, which may be helpful for those seeking work at government agencies or third-party contractors. After passing the 125-question multiple-choice exam, ISC2-CCSP holders must renew their certification by taking 60 continuing professional education credits every three years.

To qualify for the exam, you must have five years of relevant professional experience.

Training fees: Professionals can buy self-paced online training for the ISC2-CCSP for US$963.75, bundle it with an exam for US$1,562.75, or avail of third-party training.

Exam fees: Pricing for the ISC2-CCSP varies by region. In the United States, the ISC2-CCSP exam is US$599.

Certified Kubernetes Security Specialist

In partnership with The Linux Foundation, the Cloud Native Computing Foundation (CNCF) developed the Certified Kubernetes Security Specialist (CKS). CNCF has made the curriculum for the CKS open-source on GitHub. The 30-hour training course focuses on securing container-based applications and Kubernetes during the development life cycle, including cloud security, cluster preparation and installation, networking, issue detection, and domain review. The 2-hour online exam involves solving problems through a command line running Kubernetes and screen sharing with a live proctor. The certification is valid for two years. 

To qualify for the exam, you must have an active Certified Kubernetes Administrator (CKA) Certification and have access to a Linux server or computer to complete the training course.

Training fees: The Linux Foundation offers the Kubernetes Security Essentials course as a stand-alone course for US$299 or as a bundle with the exam for US$595.

Exam fees: US$395, including a free retake

CompTIA Cloud+

Unlike most others on this list, the CompTIA Cloud+ certification provides more general training on the cloud. Still, cloud security features prominently in its curriculum: Candidates will learn vulnerability management, compliance adherence, and security controls. Because CompTIA Cloud+ also provides instruction in cloud architecture, deployment, operations, troubleshooting, and DevOps fundamentals, it may be most beneficial for professionals who want a broader context when learning about cloud security. The online or onsite proctored exam consists of 90 multiple-choice and performance-based questions. Professionals must renew their certification by taking 50 continuing education units (CEUs) within three years.

To qualify for the exam, you should have five years of IT experience, including at least two to three as a systems administrator or cloud engineer.

Training fees: CompTIA Cloud+ offers three bundles, including an exam voucher: a self-paced study guide for US$475, an exam prep option for US$591, and an eLearning product for US$1059.

Exam fees: US$369 (can be financed monthly)

EC-Council Certified Cloud Security Engineer

The EC-Council offers Certified Cloud Security Engineer (C | CSE). The certification is notable for its overall approach: Rather than go vendor-neutral, C | CSE provides training on three of the most popular cloud services in AWS, Azure, and Google Cloud. The certification also gives general best practices in configuration, security, pen-testing, incident response, and business continuity and disaster recovery. The target audience of this certification includes InfoSec professionals, cybersecurity engineers and analysts, and network security administrators. Candidates must earn a 70% score on the 125-multiple choice exam to earn the C | CSE certification.

To qualify for the exam, you should have two years of IT experience.

Training fees: Exam prep is available for US$99, though EC-Council also offers live and group training that candidates can inquire about.

Exam fees: US$100 (may be waived via official training)

GIAC Cloud Threat Detection (GCTD)

GIAC has extensive cloud security offerings, including the GIAC Cloud Security Automation (GCSA). One of its latest offerings is the GIAC Cloud Threat Detection certification (GCTD), designed for security analysts, engineers, architects, vulnerability assessors, and other professionals involved in monitoring, threat detection, and incident response. The certification covers automation, cloud management, threat intelligence, and host and network logging. Candidates must score at least 70% on the 75-question onsite or online proctored exam. Certificate holders must take 36 credits in  over four years to keep the GCTD valid.

Training fees: GIAC offers live training for GCTD in various cities worldwide, starting at US$8,020.

Exam fees: US$979

More on security certifications:

• 5 certifications that can boost a cybersecurity leader’s career
• 12 hottest IT security certs for higher pay today
• 6 security analyst certifications to advance your career