Security systems can be complex to implement, however some of them are at least easy to explain - malware is always bad and some web sites are always inappropriate for business. Cloud is different and we need to come from a different angle. Some cloud services may be high risk, but even low risk services can be used in a high risk manner. Our security approach needs to understand content, context and user behaviour to ensure appropriate policies. This presentation reviews current cloud adoption, shares anecdotes about cloud security and makes hard-hitting recommendations on what you need to do. Information from this presentation can be shared back in your organisation to make the case for a comprehensive cloud adoption team to address cloud needs.