This document discusses cloud security and incident response. It outlines the traditional approach to incident response and how that approach must change in the cloud, where data is distributed across different jurisdictions and vendors. It stresses the importance of establishing clear roles and responsibilities between an organization and its cloud service provider, including agreeing on policies, procedures, and access to logs and tools for incident response. It also recommends establishing relationships with cloud providers and practicing incident response plans with them.