This is the Should Highly Sensitive Data Be Stored in the Cloud work you have done a week
ago. Each reply must be at least 1 paragraph and 100 words in overall length. Each post must
address the original post and can either agree or disagree with the original poster’s position. As
with the original post – support your arguments, but you are only required to have 1 supporting
argument and cite at least 1 external source for this reply.
Three policies that any organization should use to ensure data in the cloud remains private and
1. Educate employees on Cloud Security.
2. Encrypt data in transition and at rest.
3. Strengthen identify and access management (IAM)
Organizations should educate employees on cloud security to avoid loss of sensitive information
to unauthorized users due to human error. According to IBMâ€™s Cost of a Data Breach Report,
24% of data breaches were caused by human error and seven out of ten employees are not
adequately trained in cybersecurity awareness per MediPRO (Anonymous, 2020). I believe
educating employees on how identify phishing attacks, differentiate secured from unsecured sites
and encouraging them to install security software will mitigate the risk of losing sensitive data.
The second policy that any organization should use to ensure data stored in the cloud is safe from
cyber-attacks is encrypting data. Sensitive data in transit and at rest should be encrypted at all
times (Pangam, 2017). This allows an organization to comply with privacy policies, regulatory
and contractual obligations for handling sensitive information (Pangam, 2017). I believe
encrypting data during transmission and at rest minimizes loss of sensitive data due to human
error or cyber-attacks.
The last policy that any organization should use to ensure data stored in the cloud remains
private and secure involves strengthening identity and access management (IAM). IAM helps
organization by streamlining and automating identify and access management and eliminates the
need for IT team to manually assign access controls, monitor, update privileges or deleting
accounts (Alvarenga, 2022). Additionally, organization can implement single sign-on to
authenticate userâ€™s identity and allow access to multiple application using one set of credentials
(Alvarenga, 2022). Single sign-on would decrease the likelihood of password-related hacks and
combining it with multi-factor authentication (MFA) would add an additional layer of security to
the organization (McKeown, 2021). At my job, we use single sign-on, and MFA and I believe
this policy safeguards my companyâ€™s sensitive data.
As a citizen, we should b