Cloud Security Policy

8 steps to write a cloud security policy

Everything is moving to the cloud – a cliche we have heard so often that we have started to believe it to be true. To some extent, it is. The infosec professional has been caught on her heels about cloud security. Just when she got round to analysing the risks of virtualisation, the monster of cloud based services crept up behind her. The simplicity and attractive pricing offered by cloud service providers makes the shadow IT sign up for the service before you could say ‘cloud security’.  There are myriad arguments flying around…

“Everyone’s using Evernote! What’s infosec got to do with it?”

“…but it is free for up to 5 users and we are not more than 5 users!”

“This is way cheaper than what my accounts package costs…and I can access it from home.”

These are words that strike terror in the heart of infosec professionals.

[…]