This document discusses the process of creating a cloud security policy at LinkedIn. It outlines reviewing existing applications and gaps, developing a new policy, authoring controls and requirements, and presenting the policy to various audiences. The timeline shows policy development and rollout over 18 months. Resources are assigned to policy authoring and implementation teams. Challenges addressed include third party applications, data types and classifications, and ensuring the policy is enforceable and scalable for cloud business needs. Lessons learned include taking a top-down approach, allowing flexibility, and ongoing review and feedback to improve the policy.