As attractive, economically viable and convenient as the cloud is, companies must be cognizant of the potential cybersecurity risks associated with any cloud-services arrangement. A well-drafted contract between the corporate customer and cloud-service provider is an essential tool for managing that risk on both sides. This article, based on insights offered at a recent PLI event, covers what a prospective business customer should and should not expect from a cloud-service provider, and why some provisions that look good in writing might not be quite so helpful in practice. See also “The Advantages of Sending Data Up to the Cloud” (Jun. 17, 2015).