A policy is typically described as a principle or rule to guide decisions and achieve rational outcomes. The term is not normally used to denote what is actually done, this is normally referred to as either procedure or protocol. Policies are generally adopted by the Board of or senior governance body within an organization whereas procedures or protocols would be developed and adopted by senior executive officers. Policies can assist in both subjective and objective decision making. Policies to assist in subjective decision making would usually assist senior management with decisions that must consider the relative merits of a number of factors before making decisions and as a result are often hard to objectively test e.g. work-life balance policy. In contrast policies to assist in objective decision making are usually operational in nature and can be objectively tested e.g. password policy.
A Policy can be considered as a "Statement of Intent" or a "Commitment". For that reason at least, the decision-makers can be held accountable for their "Policy".
In each organization, there are policies that should apply and follow. These policies could be different from one organization to another. When it comes to cloud computing, you should look into policies and ways to apply them in cloud. Some examples of policies are as follow:
- Employees are not allowed to login to some websites during office hour
- All users must create complex password
- All data should backup every day
- Management’s PCs are not allowed to be connect remotely
- All data should store locally
Policies are everything that should follow in organization and could change and improve. Internal factors such as managements’ decision and external factors such as countries’ law are involved in policy. When you work in private cloud, you should also look into policies that you should apply and then look into solutions that could help you with these policies. Some of these policies could apply using one private cloud solution and product, while other required other products. For example, for PC and user management you could use System Center Configuration Manager and Windows Server to apply policy and for back up solution, you might need using Data Protection Manager. Important step is to discuss with managers, shareholders, employees, legal team and everyone who could affect policy in organization and come up with questions that they should answer such as:
- What is the priority of this policy?
- Is it a long term or short them policy?
- How often this policy would change?
- Is there any other dependence policy to this policy?
- If this policy couldn’t apply, what is substitute policy?
- Who will affect by this policy?
- Do you have planned to improve this policy?
- If this policy applies will that be any problems? How to overcome them?
You could come up with additional questions base on your requirements. When you ask these questions, you will come up with list of policies. Then the next step is to apply these policies in private cloud solution. In this case, you should check products that are capable of apply your policy and their cost. It could be cases which apply policy would cost a lot and you should consider that when you are doing policy planning for cloud.
Then apply does policies in organization using tools. One important thing is that if you have multiple branches in different countries, then it could be new policy that you should apply base on government’s law. This is also important factor when you group PCs in different branches in Active Directory.
Majority of policies could apply using Group Policy in Windows Server and other System Center products. For account management and smartcard, if you have some customize or complicated policy, you could consider Forefront Identity Manager.
It is good idea to list down policies that are being apply and then policies that are require to apply and priority them and then use right product to apply them in your private cloud infrastructure.