The Cloud Security Alliance (CSA) has introduced the Certificate of Competence in Zero Trust (CCZT), the industry’s inaugural authoritative zero trust certification.
CSA said the certification responds to the evolving landscape of pervasive technology and the inadequacy of legacy security models. It aims to equip security professionals with the knowledge necessary to develop and implement a zero trust strategy.
Zero trust is recognized by many as the future of information security. Jim Reavis, CEO and co-founder of the Cloud Security Alliance emphasized its applicability across various technological domains, from industrial control systems to cloud computing and generative AI.
“Zero Trust ‘never trust, always verify’ principles are clearly the path forward, and we anticipate virtually all organizations to apply this strategy to diverse technological environments in order to protect strategic assets and prevent breaches,” Reavis said.
The CCZT program provides a comprehensive education, drawing on best practices endorsed by industry experts, standards bodies and governments. Notably, it incorporates foundational principles from leading sources such as CISA and NIST, as well as innovative insights from CSA Research and the expertise of zero trust pioneer John Kindervag.
“Having an actual measuring stick could be the impetus that companies need to really commit to ZTA [zero trust architecture(s)] and understand the outcomes,” commented Jonathan Trull, chief security officer at Qualys. “Being certified will help organizations establish clear goals and be more effective in implementation.”
The CCZT is expected to become a crucial asset as organizations embrace zero trust, with estimates indicating that 60% adoption will occur by 2025, according to Gartner. Dean Webb, cybersecurity solutions engineer at Merlin Cyber, agrees with these views.
“As firms add CCZT to their list of desired and required certifications, it will drive IT professionals in general to seek the certification as a gateway to future opportunities,” Webb said. “As that happens, firms will adopt more zero-trust practices simply because they have the staff on hand that understand them and want to see them in place.”