This accomplishes two goals by helping you create your policy and making sure your policy is in alignment with your cloud provider so as not to run afoul of their guidelines. Finally, look to what other organizations have published and what standards bodies like the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), and other organizations that create cloud security policies and guidelines have written.
Once you have put down on paper this first basic cloud policy, pass it around to your peers, department heads and other people in your organization who might have some input. After all the feedback has been reviewed, complete a final policy, publish it and make sure everyone reads and accepts it.
As you begin your operations in the cloud, take what you learn and incorporate the refinements in future policy revisions on a regular basis. The better you define your cloud policy, the better everyone will understand how to leverage the cloud and reduce the risk to your organization.
Sign up for Computerworld eNewsletters.