The need to implement cyber security and other information security controls has become the new business reality. Organizations that are technology and data dependent, regardless of size, need to evaluate their exposure and formulate an information security program, as well as contemplate their potential breach response. Such a program must include third party service providers, include cloud-based providers, and organizations must recognize that their third party providers’ program in many ways become part of their information security programs. Cloud based systems are getting significant attention as this model presents significant advantages over the traditional on-premise setup for infrastructure and software. These advantages come with key risks, and those adopting the cloud-based approach must be aware of these risks and take action to mitigate them.