This document discusses how to audit cloud providers to verify security and compliance. It begins by explaining the challenges of auditing cloud providers and what SSAE16 reports are and are not. It then provides tips on what aspects of a cloud provider to audit, such as encryption, certifications, and vulnerability scanning. The document recommends performing technical audits and assessments that go beyond just legal contracts or questionnaires. It emphasizes the importance of transparency and following the data when auditing cloud providers.