Risks in Cloud Computing

I've had several discussions with eager colleagues recently who've wanted to start leveraging cloud topologies in their enterprise designs. While I'm very interested in the underlying technology supporting cloud-based architectures like Apache Hadoop or Microsoft Dryad, I would personally think twice (as of this writing) before recommending a cloud-based solution for the enterprise. Here are some of my concerns:

1. Data Retention: I believe that at the present moment, more than ever, architects should not ignore the fiduciary needs of data storage. While legal data retention policies vary geographically, cloud architectures can be geographically dispersed and should therefore automate data retention by relevant locale-specific policy selection. The issue of data retention becomes even more interesting when an enterprise is dispersed across multiple jurisdictions like the multinationals and a single line of business system (whose data resides in the cloud) is used. There are sometimes paradoxical legislations that govern data storage and access like International Traffic in Arms Regulations (ITAR) in the United States that prevents some manufacturing firms from storing product data outside the country, while the USA Patriot Act may allow the U.S. government access to any information stored within its borders. The question is; if the cloud vendor is U.S.-based does this mean that an Australian (for example) company's data could potentially be exposed to the U.S. government based on local U.S. legislation?
   
   
2. Data Centre Evaluation: If I was having my company's data stored offsite, then I would want to personally evaluate the data centre used by the cloud vendor to identify proper SLA adherence. I have not heard of cloud computing vendors permitting regular customer visits to their premises to monitor adherence.
   
   
3. Complete (Meta)Data Ownership: A piece of data stored in an application hosted on the cloud, has, in most cases, several bits of meta data associated with it. These pre-requisite data elements (like primary keys identifiers for example) may be coupled only to the cloud-based architecture. In the case that an enterprise wants to migrate 'off' the cloud platform then the process of reconciling related metadata could be tedious and exhaustive. SLA's need to be reviewed thoroughly before committing to hosted applications in the cloud. Middleware cloud computing services like Elastra and RightScale offer possible options to manage this scenario.
   
   
4. Data Privacy: I belive this is the biggest obstacle to adoption of a cloud computing platform. I am not sure if the privacy issue is ever going to be definitively addressed.