Wow, I guess the reason for you clicking on the link is this statement – right? Well, “unfortunately” I cannot claim ownership of it. It was made by a Google representative during an interview in Australia: Google: Who cares where your data is?
To me, the whole Cloud discussion sometimes drives into interesting directions. I often feel that Cloud providers develop a solution and tell the world that the policy decisions were on purpose to protect the customers. Like some providers told the world in the past that you should not care how your data is protected. They take care of your security and you should just trust them – like banks. Nonsense! If you have to prove compliance, you will definitely want to understand how your data is protected and what controls are enforced in the Cloud environment. But as the industry – including the regulators – is still trying to understand the impact of the Cloud, it is a good time to drive such messages and sell the setup as “best practice”.
Things will change and outdated policies will be adopted to today’s reality but making a statement that you should not care where your data is, simply neglects some “minor” obligations you carry like protection of the privacy of the people you have data from… or the fact that you probably not want your state secrets in another country (even though I do not expect a country putting Top Secret material to the public cloud – yet).
Just because the Cloud provider does not know, where your data is does not mean that you shouldn’t care…