Information security uses administrative, technical (logical), and physical controls to mitigate risks related to organization’s assets. A policy is an administrative control.
If no policy exist in the IT department, research shows that employees will default to a defacto policy. A defacto policy means a policy that is in effect ,but not formally recognize. To stop this for happening, It is important for students to understand how to take the cloud best practices discussed throughout this course and use them to create a cloud security policy. Cloud security fundamentals and mechanisms is a huge part of the cloud security policy.