[bluedino]

>> If you are working on confidential data, it is very likely that your security policy does not allow you to store it "in the cloud"

The regulations will change with the times, hopefully.

We stored little more than names/emails and non-identifiable/non-sensitive data at my last job. The 'security auditor' for one client wouldn't let them sign with us because our servers were hosted at Rackspace, so the servers were not under our control and a Rackspace employee could access our data, since they managed our servers.

[dsr_]

It's not a matter of regulation. It's a matter of liability. As long as the company running the database-as-a-service won't accept full liability against breach of privacy for the information stored there by clients, clients can't store confidential information there.

And who wants to do that?