Ever since Marc Andreessen declared that software is eating the world, IT’s appetite for transforming the physical into the virtual has carried on unabated. The Internet has created massive amounts of new business.

Companies can now build on cloud-based outsourcing to market and sell across the globe – and own almost nothing themselves in terms of manufacturing, warehousing, distribution, or IT systems. Yet they still own one asset, for which they and they alone remain responsible. That asset is their data. The question is – can those enterprises fulfil that responsibility, including performing disaster recovery if necessary?

With everything available as a service, physical points of reference disappear. Data, virtual in nature, can in principle be stored anywhere in the world. But if you don’t know where your data is, you may be in non-compliance with data regulations, you may be exposed to information security risks, and you may not be able to locate backup copies of your data, if or when you need them. The moment you store your data in somebody else’s data centre, you expose your organisation to different risks.

There are ways to mitigate these risks. One possibility is to repatriate all your data onto your own server on your own premises. However, for “born-in-the-cloud” enterprises, this solution may not appeal.

Another possibility is to deal only with a cloud provider that guarantees data storage within national boundaries, offers and observes suitable service level agreements (SLAs), offers a great track record in availability and security, and full information and control over data backups, which are themselves carried out to meet recovery objectives.

That may sound like a lot to ask for, but it’s what you need if you want to stay on the right side of your customers and the law. In a virtual “as a service” world, disaster recovery and everything else concerning your data will still be your problem, but at least you’ll have the tools and resources to handle it.