Domain 2: Cloud Data Security

The second domain of the CCSP is ‘Cloud Data Security’. This vast domain tests the candidate’s technical knowledge of:
The many phases of the cloud data life cycle
Cloud data storage architecture, including storage types, security threats and controls
Data security strategies and other objectives
This domain of the CCSP certification carries a 20% weight in the exam. The sub-objectives for CCSP Domain 2 – Cloud Data Security are:
Understanding the Cloud Data Life Cycle (Cloud Security Alliance guidance). The exam requires that the candidate has a thorough understanding of all stages of the cloud data life cycle, including creating, storing and using, sharing, archiving and destroying. The candidate must also understand the security controls and risks associated with each stage of the cloud data life cycle, for example how to upload data securely during the “create” phase.
Designing and Implementing Cloud Data Storage Architectures. Subscribers can access and use the cloud infrastructure, including shared resources, storage, servers and hard drives, on an as-needed basis, and they pay for the services. Cloud software, also known as SaaS, is a subscription-based service that allows users to access the various features of the software from anywhere and at any time. SaaS allows you to work with cloud applications via an API.
Designing and Applying Effective Data Security Strategies. The next sub-objective tests the certification seeker’s knowledge of designing and planning data security strategies such as encryption, key management, masking, and tokenization. This domain requires that the candidate understands how to apply technologies such as cloud storage time and duration, masking and tokenization, and the design and application of new cloud technologies like homomorphic encryption, which can process encrypted data without decrypting it.
Understanding and Implementing Data Discovery & Classification Technologies. Under the next objective, candidates are expected to understand and apply different data discovery and classification technologies. Widely used data discovery methods include metadata-based, label-based, and content-based data discovery. Once data is discovered, it must be classified. Candidates should be able to comprehend classification technologies like encryption and DLP (data loss prevention or data leak protection).
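The three discovery methods named above, run side by side over the same objects, as an added example that is not part of the original page or of any exam material. The field-name patterns, label values and sample objects are constructed assumptions; the content check looks for card-like numbers and confirms them with a Luhn checksum so that arbitrary 16-digit strings are not reported.

```python
import re

# Constructed sample objects; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_OBJECTS = [
    {"name": "hr/export.csv", "columns": ["employee_id", "ssn", "dob"],
     "labels": {}, "content": "1001,REDACTED,REDACTED"},
    {"name": "finance/q3.xlsx", "columns": ["region", "revenue"],
     "labels": {"classification": "confidential"}, "content": "EMEA,120000"},
    {"name": "support/ticket-881.txt", "columns": [],
     "labels": {}, "content": "Customer paid with card 4111 1111 1111 1111 yesterday"},
    {"name": "ops/order-ids.txt", "columns": [],
     "labels": {}, "content": "order 1234 5678 9012 3456 shipped"},
]

SENSITIVE_FIELD = re.compile(r"(ssn|dob|passport|salary|card)", re.I)  # assumed patterns
SENSITIVE_LABELS = {"confidential", "restricted"}                      # assumed label values
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){15}\d\b")                  # 16 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def discover(obj):
    """Return which discovery methods flag this object as sensitive."""
    hits = []
    # Metadata-based: inspects only schema/field names, never the data itself.
    if any(SENSITIVE_FIELD.search(c) for c in obj["columns"]):
        hits.append("metadata")
    # Label-based: trusts a tag someone applied earlier; unlabeled data is invisible to it.
    if obj["labels"].get("classification", "").lower() in SENSITIVE_LABELS:
        hits.append("label")
    # Content-based: scans the data and validates each candidate match.
    for m in CARD_CANDIDATE.finditer(obj["content"]):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append("content")
            break
    return hits

def run_discovery(objects=SAMPLE_OBJECTS):
    return {o["name"]: discover(o) for o in objects}

if __name__ == "__main__":
    for name, hits in run_discovery().items():
        print(f"{name}: {hits or 'no findings'}")
```

Each sensitive object is caught by exactly one method, which is why the methods are normally combined: the support ticket has no revealing field names and no label, so only content inspection finds the card number.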

Designing and Implementing Relevant Jurisdictional Data Protections For Personally Identifiable Information