The device doesn't matter
If you work with anything approaching sensitive data, someone factory resetting the device is a good thing. You lose the device, but it really doesn't matter that some ned has a new toy, providing the data is gone.
As for putting it in the cloud...are you on crack?!?!?
Anything involving personal or sensitive data you hold in a secure location where you can kick the server...and kick the crap out of anyone near them that shouldn't be. LARTs should be used with anyone that thinks the "cloud" is a good idea for anything but pictures of your cat.
If you are putting personally info of customers/clients in the cloud, expect your CIO to have a visit from the plod when the provider stores it in the states or some other nations with crappy/non-existent date protection laws. Oh you can sue them...ah the EULA says you can't.
Oops.