Chances are your company has several common sense security policies, like not giving out sensitive information over the phone to random callers, locking the door if you’re the last one to leave, and making sure nobody steals someone else’s lunch from the refrigerator.
You’ll want to apply that same type of commonplace wisdom when it comes to storing important data and documents in the cloud, but of course things can get a bit more complicated. Companies are now major targets for data hacks, so establishing a strict information security policy is a necessity. Here are some quick do’s and don’ts when getting started on building a cloud security policy for your company:
- Don’t Rush Into Anything. Preferably, you’ll want to create an information security polocy before you begin hosting sensitive data with any cloud app or service. An important first is just getting organized. You’ll want to figure out which data to store in the cloud, how you want to classify it, and how to segment it. For instance, you won’t want your uber-confidential customer details stored in the same place as , say your public press releases.
- Do Pick the Right Team. Make sure you chose the right IT staff to act as administrators and guardians of your information security policy. These should be reliable folks who you can trust with sensitive information and access. They’ll be the ones doing things like helping negotiate SLAs (service level agreements), designating access, transferring data, and monitoring storage usage.
- Do Research on Cloud Providers. Research cloud apps and providers to find the best ones that suit the unique needs of your business, as it applies to an information security policy. Explore the cloud app ecosystem to get an idea for different providers and the sanctioned and unsanctioned apps they work with. Before agreeing to any terms, determine questions like where your data will physically be located, what they provider’s application security policy is like for sensitive data, what their level of administrative privileges will be like, and what the strategy would be for removing important data when needed.
- Don’t Automatically Block. IT departments that knee-jerk with “no” when building an information security policy are going the way of the dinosaur. Sure, you have to draw a line somewhere when it comes to app redundancy and the most egregious of security violators (such as poorly-rated apps), but beyond that, you should adopt an application securi