As organizations continue expanding their adoption of the public cloud, many IT and security professionals are beginning to see that they need improved cloud-monitoring and cloud-auditing capabilities. By cloud monitoring, I’m referring to the process of identifying cloud use within an organization and then evaluating if there are data privacy and/or compliance risks that need to be mitigated. Cloud monitoring includes the idea of fully understanding what clouds are being used and how employees are accessing and updating information, from where and when. This becomes more complicated with the proliferation of BYOD policies as well as the growing trend of Shadow IT groups within corporations that assist business units in deploying clouds without “Official” IT knowing about it. But steps can still be taken to manage the operational and legal risks associated with sending sensitive data outside of the corporation’s firewall while simultaneously enabling operating units to use the cloud as required to drive business results.