Cloud security is an ever-growing threat to our organization and as such we must be prepared to handle any situation that may arise. Below is a set of policies that at minimum must be handled in order to assure that the storage of the data is compliant with local laws and meeting governance standards to ensure that we are not holding data that is no longer necessary. (Risk of financial loss).
The purpose of this policy is to define cloud security assessments within The Diocese of Paterson. Cloud security assessments are performed to identify potential or realized weaknesses as a result of inadvertent mis-configuration, weak authentication, insufficient error handling, sensitive information leakage, etc. Discovery and subsequent mitigation of these issues will limit the attack surface of The Diocese of Paterson services available both internally and externally as well as satisfy compliance with any relevant policies in place.
This policy covers all Cloud security assessments requested by any individual, group or department for the purpose of maintaining the security stance, compliance, risk management, and change control of technologies in use at The Diocese of Paterson.
All Cloud security assessments will be performed by delegated security personnel either employed or contracted by The Diocese of Paterson. All findings are considered confidential and are to be distributed to people with confirmed privileges. Distribution of any findings outside of The Diocese of Paterson is strictly prohibited unless approved by the Director of Technology.
Any relationships within multi-tiered applications found during the scoping phase will be included in the assessment unless explicitly limited. Limitations and subsequent justification will be documented prior to the start of the assessment.
Cloud computing - the delivery of computing services, including storage, processing power, and software, over the internet. It enables users to access and utilize these resources on demand without relying solely on local hardware or servers.