Cloud policy
1. Overview
Cloud policy is a system of principles that provide guidelines on cloud use in the Company. The cloud guidelines are mainly implemented in an organization to ensure the confidentiality and integrity of the Company’s information (Srikanth et al.,2018). Companies use cloud policies for various reasons such as secure network, manage finance, optimization of costs, and also to manage performance it the organization.
- Purpose
The aim of implementing this cloud policy is to ensure security management in the Company. The cloud policy purposes of highlighting the authorities responsible for network systems. The Company recognizes this cloud policy as the guideline to secure its data from malpractices such as breaching (Demilo et al.,2017). The cloud gives strategies for handling the Company’s information and roles associated with the task of network security.
- Scope
The policy applies to all employees in the Company and the departments in the Company. The system also covers all cloud computing providing various services to consumers (Hemmings, Srinivasan & Swire,2019). Such services include infrastructure-as-a-service, software-as-a-service, and platform –as –a service Don't use plagiarised sources.Get your custom essay just from $11/page
4. Policy
4.1Train employees on network security techniques to reduce data breaches through malware and phishing activities. The employees need to be educated on securing data through the use of a strong password and logging out from the devices after use (Demilo et al.,2017). By doing so, it will reduce the chance of breaches in the Company’s data.
4.2Endpoint security-every department needs to department need to include defense –in –depth to secure network systems. The defense-in-depth will incorporate intrusion detections and biometric access control facilities to reduce risks in network security.
4.3Encrypt data-the departments should ensure a high level of data encryption, whether in motion or not. Encrypting data in transit will reduce the vulnerability of data attacks while it is in use (Fletcher & Liu,2017). The departments should seek for encryption service providers from the cloud providers. The encryption key should function the same as the work process available to reduce further actions from end-users.
4.4Checking compliance needs-the company expects every employee and department to double-check its compliances before using new cloud services. The department should evaluate whether a particular cloud service provider meets the security of data as required in the Company.
4.5The Company proposes for looking for a partner who will help in providing security solutions to cloud services. The department expects that, everyone consider using security solutions that are centered on artificial intelligence (Fletcher & Liu,2017). Using IT architecture structures such as SaaS is essential due to the security services they provide.
4.6The Company advocates for intrusion detection devices usage to enhance cloud security. The intrusion detections are capable of improving the safety of cloud computing through identifying attacks in the network systems (Hemmings, Srinivasan & Swir, 2019). The intrusion detections monitor areas vulnerable to threats and thus the departments can prevent risk occurrence.
4.7Asking question to cloud providers concerning the security of specific cloud services they have. Often, cloud computing vendors have differentiated security solution basing their services. By asking the questions, one is capable of deciding the vendor to acquire cloud service from. Thus, one will have critical implication of the cloud computing service selected.
5. Policy Compliance
5.1 Compliance evaluation
The IT authorities are responsible for evaluating the policy compliance in all departments. The teams can use various techniques to verify the policy compliance in every department (Singla & Mayer,2018). The IT authorities will provide a feedback to the company policy concerning their evaluation
5.2Non-Compliance
Any department or employee who fails to comply with policy and in any case violates the policy faces lawsuits and penalty fees.