This book taps into an inherent paradox: with the ease of reliance on external, cloud providers to provide robust functionality and regular enhancements comes, as their very own audited service organization control (SOC) reports are quick to point out, the need for client organizations to devise and sustain a system of effective internal controls. By addressing the practitioner in the field, it provides tangible, cost effective and thus pragmatic means to mitigate key risks whilst leveraging built-in cloud capabilities and overarching principles of effective system design.