Cloud computing offers organizations a compelling set of advantages: speed of deployment, a flexible architecture and access to powerful data storage services without having to make large capital expenditures. Yet security remains a key concern – and is the obstacle most often cited by executives.

Interestingly, the biggest data breaches to date have occurred in on-premise systems. Yet the idea of handing control of an organization’s critical data and systems to external cloud providers continues to make executives nervous. Is this reticence justifiable in the face of ever-evolving technology – and a legislative landscape that remains in catch-up mode? Or are organizations simply failing to update their way of thinking?

The legal issues associated with data access and privacy remain unresolved. The US government can obtain personal information from cloud providers in the interests of national security without requiring the cloud provider to notify the user. And this policy may be irreconcilable with the EU’s data protection laws, for example.

The issue is creating similar difficulties on the other side of the world. In October 2011, Australia launched OzHub, a government-backed consortium of telecoms firms focused on making Australia a global hub for cloud services. Yet the discussions have centered on creating a cloud network of servers based only in Australia. While this may simplify the legal issues, it suggests a mindset overly focused on physical infrastructure. The emphasis on the latter does away with the agility that the cloud can offer businesses, and fails to address the root cause of the challenge: an out-of-date legislative environment.

As businesses and governments grabble with the opportunities offered by cloud computing, they need to overcome this mindset that would leave them sitting behind the corporate firewall.