Back in the early days of cloud computing one of the main selling points was security. “It’s safe in the cloud” was the calling card—and general consensus—of most early cloud services. But then reality set in and we all collectively said, “Oh, woops.”

Cloud security is a big issue these days. Maybe the biggest. Many cloud vendors have iron clad security policies and regimes in place. Click on the little lock icon on pretty much any cloud vendor’s site and they will be more than happy to tell you how far they go to protect your data and why you should trust them.

But here’s the thing. Despite the fact that they’re all running around waving the little green locks in their URL and whatever encryption, certification, or any other security measures they employ, not all SaaS’s are created equal. Different levels of security may depend on the type of data they deal in, or just on the vendor. For example Slack HQ, which is used so widely now it’s said to be replacing email and maybe even your office, may not have the same security measures in place as Salesforce, even though you might be sharing equally sensitive information on both apps.

So before you move your data or your entire business onto a SaaS or cloud app, do a little research. Read up on the vendor’s security practices and don’t be afraid to contact them directly and ask questions, like, “What happens if cyber criminals bust into your headquarters and steal the decryption keys, download all my data, and sell it to the highest bidder on the global black market?” (Or you know, whatever you’re worried about.)

If your business is subject to government regulation and compliance laws—HIPAA, PCI, SOX—you have to be even more careful. Ask more questions. Do more due diligence. Be sure you understand what security measures the vendor is responsible for, like encryption and external audits, and what you are responsible for, like password policies and two-factor authentication.

Just like you wouldn’t leave your kid with someone you weren’t 100% sure about, don’t leave your data in unknown hands. Don’t be afraid of the cloud, but don’t make assumptions about security either. It’s your business, your data, your decision. You got this.