A concise and useful analysis of the legal issues facing both cloud providers and their customers. The technical awareness of the legal system with regards to cloud technologies is increasing. The courts are beginning to take a useful, pragmatic and well balanced approach to evaluating the fairness and effectiveness of service provider T&C's in meeting customer information security requirements and obligations. The concept of what is reasonable is central to this balance. It is also nothing new. This after all is what corporate diligence is all about. However, achieving this reasonableness requires real understanding of well known terms such as: vulnerability, threat, risk and exposure within a new technical landscape.