[gfna]

Regarding control of data, the strangest diacussions i have had is related to the customers being in control of the keys used to encrypt the data. For some reason it seems like using customer managed keys, or even customer managed hsm keys in the cloud is enough to keep the lawyers happy and all compliance in check. Of course anyone who has a basic understanding of key encryption and data encryption keys will know that the actual keys used to decrypt the data will be available at the cloud provider. So in the end it all comes down to, do the customers trust the cloud service provider