CCSP Domain #1: Cloud concepts, architecture, and design [updated 2022]

Mosimilolu Odusanya
August 16, 2022 by
Mosimilolu Odusanya

As you prepare for the CCSP exam, you need to review the topics included in the (ISC)² CBK that was updated on August 1, 2022. This article highlights critical information to help you become familiar with the topics covered by the first of six domains of the CCSP exam outline. 

This section of the test encompasses basic concepts of cloud computing, design principles and the evaluation of cloud service providers. It accounts for 17% of the CCSP certification exam.

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

Domain 1: Cloud concepts, architecture and design

Each of the five subdomains covers a different aspect of cloud computing.

1.1 Understand cloud computing concepts

Candidates will need to understand cloud computing fundamentals and actual terminologies. NIST Special Publication 800-145, published in 2011, defined cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” According to NIST, this cloud model comprises

Five essential characteristics

  • on-demand self-service
  • broad network access
  • resource pooling
  • rapid elasticity or expansion
  • measured service

Three service models

  • software
  • platform
  • infrastructure

Four deployment models

  • private
  • community
  • public
  • hybrid

Testers need to review each of these concepts and their current evolutions.

Cloud computing roles

Candidates need to understand the roles and responsibilities of all parties involved in a cloud computing environment and how the various roles work together to keep cloud data secure:

  • Cloud service customer
  • Cloud service provider
  • Cloud service partner
  • Cloud service broker
  • Regulator

Key cloud computing characteristics

Candidates also need to understand the six key cloud computing characteristics that must be present for a service or offering to be considered part of the cloud:

  • On-demand self-service 
  • Broad network access
  • Rapid elasticity and scalability
  • Resource pooling
  • Measured service
  • Multitenancy

Building-block technologies

Candidates need to understand the five building-block technologies that make the cloud possible. A combination of these technologies allows better resource utilization and improves the cost structure of technology. Depending on the type of cloud service model, the customer may have more or fewer responsibilities for these technologies:

  • Virtualization
  • Storage
  • Networking
  • Databases
  • Orchestration

1.2 Describe cloud reference architecture

Candidates need to understand the various components required to develop and manage a cloud environment and how services are delivered, configured and managed. 

Cloud computing activities

Candidates need to understand the number of activities (and roles) to be performed by several parties to build, secure and manage a cloud environment:

  • Cloud consumer
  • Cloud provider
  • Cloud auditor
  • Cloud broker
  • Cloud carrier

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

Cloud service capabilities

Candidates need to understand the three cloud service models that provide different capabilities. 

  • Application capability types
  • Platform capability types
  • Infrastructure capability types

Cloud service models

Candidates need to understand the differences among the various cloud service models and their functions.

  • Software-as-a-service (SaaS): The cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage and applications. The cloud customer is responsible only for the data.
  • Platform-as-a-service (PaaS): The cloud provider manages the virtual machines and networking resources and the cloud customer is responsible for deploying their applications in the cloud environment.
  • Infrastructure-as-a-service (IaaS): The cloud provider is responsible for the underlying infrastructure in the cloud environment. The operating system selection and configuration, patching and software tools and applications are under the control of the cloud customer. 

Deployment models

Candidates need to understand the four deployment models (public, private, community and hybrid models), how cloud services are hosted, who controls and operates them and what customers have access to. 

Cloud shared considerations

Candidates need to understand the various factors customers must consider before starting their journey to the cloud. 

  • Interoperability
  • Portability and reversibility
  • Availability
  • Security and privacy
  • Resiliency
  • Performance
  • Governance
  • Maintenance and versioning
  • Service levels (agreements)
  • Auditability
  • Regulatory compliance

Impact of related technologies

Candidates need to understand some of the critical and emerging technologies representing the fastest-growing applications of cloud computing.

  • Machine learning
  • Artificial intelligence
  • Blockchain
  • Internet of things
  • Containers
  • Quantum computing
  • DevSecOps

1.3 Understand security concepts relevant to cloud computing

Candidates need to understand various security concepts relevant to cloud computing:

  • Cryptography and key management
  • Access control
  • Data and media sanitization (e.g., overwriting, cryptographic erase)
  • Network security (e.g., network security groups)
  • Virtualization security (e.g., hypervisor security and container security)
  • Security hygiene

Common threats

Candidates need to understand various threats organizations face and risks inherent in utilizing cloud computing environments, such as data breaches, misconfiguration, inadequate change control and more. 

1.4 Understand design principles of secure cloud computing

Candidates need to understand the six phases in the secure cloud data lifecycle: create, store, use, share, archive and destroy.

They also need to review the difference between disaster recovery (DR) and business continuity planning (BCP) in a cloud environment. 

Candidates need to understand when, why and how cost-benefit analysis is carried out to determine whether the features offered by the cloud provider justify the costs associated with the cloud environment. 

Functional security requirements

Candidates need to understand the various security concerns (e.g., portability, interoperability and vendor lock-in) that must be evaluated, some of which are unique to the cloud service model and the shared responsibility model. 

1.5 Evaluate cloud service providers

Candidates need to understand some factors used to evaluate cloud service providers, their service offerings and their systems’ security. 

Cloud service evaluation criteria

Candidates need to understand what role “certification against criteria” plays in identifying trusted cloud services, such as ISO/IEC 27017, payment card industry data security standard (PCI DSS), etc. 

Cloud certification scheme

Candidates need to understand some system/subsystem product certifications, such as common criteria (CC) and federal information processing standard (FIPS) 140-2. 

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

How to prepare for the CCSP exam

Studying suitable material is recommended by (ISC)2 before taking the CCSP exam. The official materials include:

  • Official (ISC)² CCSP Study Guide, 2nd Edition
  • Official (ISC)² CCSP CBK Reference, 3rd Edition
  • Official (ISC)² CCSP Practice Tests, 2nd Edition
  • Official (ISC)² CCSP Flash Cards 
  • Official (ISC)² CCSP Study App

Need training? Design an individual CCSP learning path that better fits your needs and requirements to prepare for the CCSP certification. Start validating your cloud security knowledge by reviewing all the essential elements found in the first domain of the CCSP common body of knowledge (CBK) — Cloud Concepts, Architecture and Design

For more on the CCSP certification, check out our CCSP certification hub.


Mosimilolu Odusanya
Mosimilolu Odusanya

Mosimilolu (or 'Simi') works as a full-time cybersecurity consultant, specializing in privacy and infrastructure security. Outside of work, her passions includes watching anime and TV shows and travelling.