Meeting customer regulatory compliance concerns with Storage as a Service is very difficult. There is no real way to guarantee that you will meet the compliance requirements. There is no audit service currently and it would be difficult to create because the service could be legally liable for any mistakes.
In reality, only legal proceeding could rule whether a compliance requirement was being met. This is a difficult and dangerous situation. To prove or demonstrate that all regulatory compliance requirements are being met and a complete chain-of-custody control for data was established is complex and costly. For many storage as a service providers, this may not be worth it because of the extra overhead, basic expenses and the fact that there are also many different compliance regulations.
This was first published in February 2007