The Cloud Compromise SCENARIO: One of your organizations internal departments frequently uses outside cloud storage to store large amounts of data, some of which may be considered sensitive. You have recently learned that the cloud storage provider that is being used has been publicly compromised and large amounts of data have been exposed. All user passwords and data stored in the cloud providers infrastructure may have been compromised. What is your response? Discussion questions Does your organization have current polices that consider 3rd party cloud storage? Should your organization still be held accountable for the data breach? What actions and procedures would be different if this was a data breach on your own local area network? What should management do? What, if anything, do you tell your constituents? o How/when would you notify them?