dcsimg

Ten Questions to Ask When Writing a Cloud Security Policy

  • Ten Questions to Ask When Writing a Cloud Security Policy-

    What have others in our industry done and what can we borrow? Calling up a peer who’s already ventured into the cloud and has experience with the good, the bad and the unexpected can really help you craft your policy. Checking out what a standards body, like ISO, NIST or the CSA, has created is also a great idea for discovering policy areas you may not have considered.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12

Ten Questions to Ask When Writing a Cloud Security Policy

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
  • Ten Questions to Ask When Writing a Cloud Security Policy-5

    What have others in our industry done and what can we borrow? Calling up a peer who’s already ventured into the cloud and has experience with the good, the bad and the unexpected can really help you craft your policy. Checking out what a standards body, like ISO, NIST or the CSA, has created is also a great idea for discovering policy areas you may not have considered.

Cloud security seems to baffle people, and it is not surprising why. It seems like no one is quite sure who is in charge of security in the cloud. Is it the company who owns the data stored there or is it the cloud provider? Or should it be some kind of combination of the two?

A combination of the data owner and the cloud provider may be the best option for security, but it has to be up to the data owner to make sure they are doing everything possible to make sure that information is kept secure. Yet, according to a Ponemon Institute study, 36 percent of businesses do not have a centralized cloud security policy in place and 45 percent do not enforce employees’ use of private clouds. This despite the increase of cloud adoption in the workspace.

So what do you need to know about developing a solid cloud security policy? According to Scott Hazdra, principal security consultant for Neohapsis, a security and risk management consulting company specializing in mobile and cloud security services, it is all about thinking of the right questions and understanding your cloud culture and what you are moving into the cloud.

Hazdra provided the following questions a company should ask when writing up a cloud security policy.