Within the enterprise, cloud is no longer a buzzword or a question. It’s a reality. Even organizations that haven’t officially embraced the high ROI, low TCO, and compelling scalability and agility of the cloud know that their employees and business units are often adopting cloud solutions , whether those solutions be file sharing (Box or Dropbox), collaboration (Chatter, Jam CRM on Salesforce.com, NetSuite, SuccessFactors) or any one of a number of other cloud alternatives. Even without IT’s approval or involvement, the cloud train has left the station. There’s no longer any point to asking whether enterprises should adopt the cloud. They already have. The question now is whether the cloud applications the enterprise adopts are secure. The debate around this question is a lively one, but the answer, to put it bluntly, is no. No matter how many assurances your cloud application providers offer, the enterprise cannot fully trust a third party with their sensitive data, especially if compliance is involved—such as PCI, GLBA, HIPAA, EU Directives, UK ICO Guidance, Australian Privacy Act or dozens of other global privacy regulations. And cloud provider security assurances often seem contradicted by the steady stream of data breaches making the news. It’s time to look beyond whether a cloud provider can secure your data. These days, you’ve got to think of how you can protect your data before it ever enters the cloud.