The cloud is everywhere! Well, that's what the marketing folks would have us believe, anyway. For security professionals, migrating systems, applications, and data to the cloud presents a new set of challenges to tackle. What kind of policies do we need, and how can we work with legal teams to incorporate rules and policies into the binding contracts protect interest of cloud creator, provider and the end user? How can we protect sensitive data with encryption, intrusion detection and prevention, host and network access controls? Can we extend identity and access management tools and processes into the cloud?