ABSTRACT

The Cloud Security Alliance is one of the leading think tanks around cloud security. Much like the acceptable use policy, the cloud use policy provides guidance for how employees should regard the use of public clouds for company purposes. Enact a security policy that restricts the use of public cloud services without proper approvals. Incorporate this as part of practitioners' information security policy so that it has the weight of corporate enforcement. The cloud use policy must be socialized to the entire organization, especially business, corporate services, information technology and development executives. The policy provides the basis for enforcement and should be incorporated into practitioners' information security awareness training. To fulfill the avalanche of requests, create a cloud approval workflow that provides an easy-to-understand process for practitioners organization to submit its public cloud use requests.