Wouldn't it be nice if your employees actually asked you this question before they went off and signed up for a cloud service or deployed a new app to a cloud platform? If they did ask, would you know what to tell them? Forrester's research shows that most enterprises wouldn't have a clear response or know where to point the employee for better guidance. Oops.

The answer to this question is actually pretty simple in concept but more difficult than you think in execution — you need a cloud use policy. What should be in this policy? What form should it take? What tone should it carry? Where do I start? All these questions are answered in my latest research report on writing an effective cloud policy. And some of its guidance may feel very counterintuitive. First of all, this will probably be a much softer and more malleable policy than others you have in your company. The cloud is still evolving, and thus your policy will need to do the same. What you might not allow today may be perfectly ok tomorrow. And unlike other IT policies, it's highly likely that IT isn't the most knowledgeable team about cloud within your company. Be prepared to work with the true leaders in crafting this policy — fail this and you shouldn't even try.

It's too late for your policy to say, "The use of cloud services is not allowed," so you need to start from an assumption that it is already happening — and that more of it is happening behind your back than in front of your nose. In fact, any policy that takes a draconianly negative tone probably won't go over very well (it might just be blatantly ignored).