Processes for acquisition, use, management and exit from cloud services should be established in accordance with the organisation’s information security requirements.
In recent years, with more businesses moving towards cloud services, using, and managing cloud services have become a vital aspect. In fact, most small and mid-size businesses use the cloud as the core of their IT infrastructure. While there is significance in using cloud services; misconfiguration, and inadequate management of cloud services could be devastating. This control emphasises establishing a process to better access, use, maintain, and exit from cloud infrastructure.
Information security for use of cloud services should be a top-specific policy. Some organisations might prefer to merge this policy as a part of their infrastructure policy or keep it separate. Either method is acceptable if they specific define and communicate the use of cloud services.An organisation should clearly specify and express its intention regarding the use of cloud services. Whether cloud services would construct the organization’s network wholly or partially. This clarification would draw a clear picture for operational and technical parties within the organization to plan, design and implement the network. Additionally, this would help the organization to understand the responsibilities of cloud service providers and vice-versa. Use of cloud services policy might include, but is not limited to aspects mentioned below:
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!
Got a question or need help? Don't hesitate to reach out to our team.