With the rush to take advantage of all “the Cloud” has to offer, many companies are struggling with the new reality that their data is being sent outside the confines of the corporate environment and being stored in multiple geographic locations. With the Cloud comes the challenge of securing your data, understanding where it is at all times, maintaining the same levels of Roles-based access to data, data retention policies. To further complicate things, a more fundamental question arises: who owns the data once it leaves your corporate network, and in the event of a data loss, how do you get it back? This talk will delve into some of these issues, talk about developing and enforcing policies to help maintain control of your data, and talk about some of the challenges in managing your data once it’s out there. We will also present research from a study we conducted with 7 service providers specifically focused on Incident Response in the Cloud, where we set up accounts with the providers, set up identical data stores, simulated a breach which resulted in data being deleted and in some cases modified, and then queried each provider to find out what information they had on what was changed, what information they had on who made the changes, and just as importantly determined whether they were able to assist us in restoring the data to its original state.