"There is almost always confusion regarding the regulations involving third-party cloud services," agrees Geoff Webb, Director of Solution Marketing, NetIQ.
"This is because the multi-national nature of many cloud services makes it very difficult to get a clear picture of what regulations apply, and how. For example, organisations should consider if data stored in a U.S.-based service provider is affected by local laws -- and how would that be different if the data centre was located in Europe, for example. The nature of cloud is that often customers do not see the exact details of how services are delivered, but this lack of clarity can also be a cause of problems, too."
Ash Ashutosh, CEO and Founder, Actifio, also believes that extensive research is critical. However, he says that cloud suppliers themselves should be the party doing investigation into regulations, suggesting that it can also double as a sufficient guide for customers.
However, regardless of these arguments, someone has to take full responsibility of that data -- but who?
"In a multi-tenant environment, cloud service providers bear a large responsibility for the security and access rights of the data held in their systems," says Nauthoa.
"This obviously has to be a central tenet of their value proposition to would-be users of their services. It's also incumbent for customers to ensure that they work closely with service providers to ensure that their data integrity is being met through use of best-in-class technologies as part of their SLAs with these companies," he adds.
Rajesh Abraham, Head of Product Development, eHosting DataFort, says, "There are two key issues, which are data security and reliability. This is also a reason why users are slower to adopt cloud storage. Enterprises today focus on different aspects of data in order to protect the environment.
"Organisations that want to manage information have to define data strategy and clear visibility into the information value chain. Defining what 'data ownership' means is critical to identify stakeholders, align expectations and deliver value from data in the cloud," Abraham adds.
Rajesh Ganesan, Director of Product Management, ManageEngine, takes the firm standpoint that single ownership is the wrong way to go.
"Once corporate data is in the cloud, a single hand being fully responsible is not the right model. 'Trust but verify' works better in all scenarios, so both the business and the cloud provider are equally responsible for the corporate data in the cloud.
Securing data access
Questions of data responsibility and ownership surely spark the issue of governance and data control. Though all parties must be involved in the due diligence, not every part will end up pleased, as Seagate's Fagan explains.
Sign up for CIO Asia eNewsletters.