Customers' data is out there in the cloud. Although solution providers might now own the hardware, or run the data center, that data is still, ultimately, the IT solution provider's responsibility. That's a lot of risk to be carrying without much ability to directly manage it. Building a robust governance, risk and compliance program is among the most important parts of creating a cloud security strategy. Ben Tomhave, principal consultant at LockPath, a provider of GRC applications, discusses how to effectively and safely manage customers' data in the cloud.