His fears are well grounded.   If you don’t “own” the data i.e. the data physically resides on a disk in a remote server to which you have no access as part of a service for which you do not pay, legally, you really don’t have a leg to stand to claim it as your own.

If you rely solely on such services for conducting the day-to-day work of your company then you take on a significant risk that if the service either shuts down or loses your data, you could be out of business.  Being in a situation like that really wouldn’t be very sensible.

There is also the issue of security.  If you store data in third party cloud services, there is nothing to stop your data from being read.  This can happen either if the third party chooses to read it (check with their terms and conditions), if the service is attacked and compromised or perhaps if the third party supplies data to law enforcement agencies.  As Richard Stallman points out, authorities can quite often get access to data hosted in cloud services in the US without any kind of search warrant.

Ultimately, the entry level cost of hosting on a global scale is huge.  That is to say that most smaller companies will not be able to afford to build a data centre that spans multiple regions with enough capacity to provide a service to anyone web user wishing to access it.  Instead, they will probably use either a cloud service or a third party hosting provider, which depending on their terms and conditions, can quite often provide the same risks as using a cloud service.

There are several steps that can be taken to reduce the risks associated with using these cloud services such that your business will not be adversely affected if a third party cloud service shuts down (temporarily or permanently) or if your data is compromised.

• Always keep copies of your data on a server to which you have access.  This could be just a desktop you have at home or in the office (e.g. export all twitter posts, delicious bookmarks to a file and store them).
• As a slightly more risky alternative, you can also replicate your data to another cloud-based provider but it would be sensible if it is owned by a different company and is based in another location.  The risk of two different providers like these being shut down or unavailable at the same time is less than just one but could still be significant.  It is important to be aware of the security implications here.  The data needs to be tranferred and stored securely in any backup locations.
• If you can, encrypt your data before sending it to cloud based providers and ensure that all connections to the providers use encryption too.  This will stop the data being read by anyone that shouldn’t read it.  Depending on the type of service, this is not always possible but should always be considered depending on the type of data being stored.

The key is always to identify those services that are business critical and to ensure that they can be run with an acceptable level of risk.