Clouds are everywhere and can be used from anywhere, right? Wrong. The fact is that when considering national laws, you may find that your data is legally not able to leave the border.
That's the case in many parts of Europe that forbid some data from being transmitted or stored outside of the country. Canada also has some rules that prohibit some data being stored in the United States due to the US Patriot Act's provisions that let the federal government examine corporate records.
To get around this issue, several cloud computing providers, such as Amazon.com and Salesforce.com, have points of presence in many developed countries. There's a performance argument for this distribution of systems, but another reason is to adhere to many laws directing where some data can legally reside.
It's important to note that the legal issues are local to where your customer resides. You have to understand the laws and make sure that personally identifiable data and some financial records are kept local if required by the law.
This could be an issue as cloud computing systems become more distributed. Indeed, while the primary facility may be in-country, the failover site, or perhaps the site used when the primary site is under maintenance, could be across the border and, thus, noncompliant.
The problem is that most people looking to move into the cloud are not aware of these regulations and could run into trouble down the line. Moreover, cloud providers often promise that the data stays within specific borders, but when so many cloud computing networks are virtualized all over the world, that guarantee will be hard to keep.
So what do you do?
First, make sure to understand the legal issues around data, and find out what data cannot be hosted out of the country. Many users and some providers of clouds are clueless about the compliance issues.
Second, make sure that you get any agreements with your cloud provider in writing as to its responsibilities and how to handle instances when it doesn't meet the compliance requirements.
Finally, consider the wisdom of placing some data in the public clouds in the first place, considering that you're ultimately responsible for data compliance - and thus the costs of keeping compliant in the cloud. In many instances, it's not worth the price.