Cloud services have become so popular in general businesses that they are nearly ubiquitous. When data is processed and stored on remote servers rather than local computers and hard drives, however, there are security and legal implications that must be understood by counsel. In this second installment of our guest article series, Adam Cohen, counsel and managing director at TopSide Group, and Mara Conway Arenson, a privacy, compliance and cybersecurity attorney for the M365 Office Product Group at Microsoft, address key legal issues in the context of a company’s relationship with a cloud service provider (CSP) and dispel some of the myths around CSP risk. In part one, they discussed the importance of understanding cloud offerings and explained the classic spectrum of cloud service offerings. See “Capital One Breach Demonstrates Risk of Overlooking Vulnerabilities When Sending Data to the Cloud” (Aug. 14, 2019).