I agree that data and information security are definitely some key factors that should be considered when it comes to the potential adoption of cloud computing technology. Another related aspect that can easily be overlooked is the implications surrounding the management of organisational records in the cloud environment. For government departments and public sector agencies in particular, the effective management of records created or stored in cloud computing environments could be complicated by the different types and characteristics of cloud delivery and deployment models available. For example, a cloud provider’s infrastructure, as you’ve discussed, may be located away from the facilities of their customers, so for public sector agencies — who are responsible and accountable for managing their records wherever they are held — cloud computing has the potential for records to fall outside of the agency’s control if not appropriately managed.
This lack of control also increases the risk of sensitive or personally identifiable information being compromised and, depending on location, may be at risk of being accessed or seized within certain jurisdictions. Also some cloud environments may not be appropriately equipped to perform common records management tasks, such as the management of records over long periods of time, therefore records may be at risk of being mistakenly or unlawfully transferred or deleted.