In the clouds...

You mean the sort of people who dont have a lot of money to spend on their internet connection? These are the last people who should be doing it.

All the businesses I work for want to control their own destiny, putting your data in a medium where they dont have control over the security, backup etc is of no interest to them.

The startups I've seen have usually been flush with VC money, and looking to get their idea turned into a working prototype. It's not so much that they don't have the money to buy their own hardware if they wanted to, it's more that they don't have the internal expertise or interest in managing infrastructure.

Their internal staff are usually just a mixture of non-technical entrepreneurs and software developers that want to build some software that they can provide as a service, without having to employ internal hardware administration staff. There are also incentives from people like MicroSoft for companies in that niche to use vendors' newest software. MicroSoft do it so they can get feedback from experienced developers on which parts of their offerings work well, and which need to change. Through MicroSoft programmes like BizSpark, startups often get access to the same platforms for free that larger companies have to pay for.

Umm, am I a real control freak if I suggest that it's quite a good idea to be able know where some data is stored at some particular time?

That depends on your reason for feeling that way.

But really, for most intents and purposes, needing to know exactly which piece of hardware your software/data lives on is a bit like needing to know precisely which of its many physical branches your bank keeps your money in, or which platter of your hard drive holds a particular file. You can probably find these things out, if it ever becomes important to you, but for most intents and purposes they're really no more than esoteric concerns. All you need to know is that you can access your money, your files (or your software solution and its associated data) when and where you need to.

The only issue I can think of with cloud hosting is to do with data protection laws. Present EU law requires you to have the permission of data subjects (the people you hold information about) to be able to export their data outside the EU. You can get around that concern, though, by wording your terms and conditions appropriately, and by encrypting the data you store (so that even if staff at your cloud hosting vendor have administrative access to the physical server your solution lives on, they still can't read your data).

SQL and Windows Azure also let you choose general geographical areas in which you want your data/software to reside (usually, you get to choose a continent-sized area). It's intended to speed up internet connectivity between your solution and your users if you target areas of the world where distance between host and client is an issue. However, it also doubles up to solve that "can't export data outside the EU without consent" problem.

Given what we've all seen happening in the last 5 years that might not be such a bad idea.

But yep, I get your point; it makes things easier. However, I don't know whether that's such a good idea; maybe it's better to force developers and testers to actually put more thought into where data is and where it's going.

What do you feel the benefits of that would be? I mean actually knowing which piece of physical hardware a piece of data lives on, rather than just the structure of the database (which you still retain full control over, whether you're working locally or in the cloud).

It's not so much the benefits but the risks of not knowing; all well and good for some startup selling fashion items on the web to put non-financial data in 'the cloud', but governments and banks will be at it too, and we all know what a great job they do now of storing and protecting data.

Are there any additional risks you can think of to putting information in the cloud? You can certainly screw up and lose data whether you're using an unwisely-designed cloud-based solution, or just leaving unencrypted laptops and disks on the tube. However, I don't see that working on virtual hardware adds any risks that don't exist anyway, even if you do choose to manage your own physical hardware.

No, my point is that we're already pretty slapdash in taking care of data; everywhere I go I hear people saying 'let's put in in the cloud' but I seem to be the only one that ever asks 'what do you mean'. I never really get a convincing answer to that.

You sound like a good tester. And you're right to ask the question whenever you hear people bandying about the term, seemingly without concern for or knowledge of its implications.

Unless you've considered the full ramifications of the technical decisions you make, no solution can be thought of as safe. A few years ago, it was SharePoint that was flavour of the month. Then it was Software As A Service. Now it's Cloud Computing. There's nothing wrong with any of those concepts/technologies in the right context. But no technology is useful or safe unless you apply it correctly, and with consideration as to its consequences.