Operating an asset management business remains a resource-intensive endeavor, particularly as fund fees have come under pressure from investors. Some managers have sought to reduce their operational costs by moving at least some of their technological infrastructure – e.g., data storage, accounting systems, client-relationship-management systems and disaster recovery services – to the cloud. Although hosting those services in the cloud offers cost-effective and convenient technological solutions, fund managers must be cognizant of the potential cybersecurity risks associated with relying upon a cloud solution, including the legal risks that may lurk in the standard service-level agreements with cloud service providers. Considerations of potential risks and liabilities associated with engaging a cloud service provider, along with tips on how to conduct due diligence on a cloud vendor, were addressed in a PLI panel featuring Matthew Kelly, former vice president and senior corporate counsel at cloud computing company ServiceNow, Inc. This article offers Kelly’s insights as to what an investment manager should and should not expect from cloud service providers, along with key provisions to understand in their service level agreements. For background on how private fund managers are using cloud computing, see “Perspectives From Cybersecurity Industry Professionals on Preparedness, Vendor Management, Cyber Insurance and Cloud Services” (Jul. 7, 2016); and “Roundtable Addresses Trends in Private Fund Operational Due Diligence, Fund Expenses, Administrator Shadowing, Business Continuity Planning and Cloud Computing” (Apr. 25, 2013).