Cloud computing adoption may be being hindered by unacceptable terms of service imposed by service providers while issues such as the US government Patriot Act are still a concern for UK and European businesses.

With cloud computing one of the hottest topics in IT and widely regarded as the chief way services will be delivered in future, vendors and service providers ought to be doing all they can to attract customers and assuage their fears about outsourcing vital functions.

However, it seems that some cloud service providers are failing to meet key customer requirements, or even driving them away with unpalatable terms and conditions of service.

Colin Towers, global chief technology officer at digital media and marketing firm Aegis Media, which boasts locations in 130 countries, said that some cloud service providers have “silly clauses in contracts that are off-putting, such as limitations on liability or the right to mine customer data.”

The firm, which often deals with sensitive customer information, has had to think again about using some cloud services, Towers added while speaking to V3 about Aegis Media’s use of cloud services at the recent VMware Forum in London.

While Aegis Media is largely favourable towards adopting a cloud-based strategy, the firm is bringing some services back inside the firewall and onto private cloud infrastructure in order to mitigate some risks.

“We’re very concerned about the Patriot Act,” said Towers, a sentiment that will be well understood by many IT chiefs on this side of the Atlantic.

“The problem is that US government bodies have the right to access any data held by US companies, even if that data isn’t stored in the US. And you would never even know if it happens – the service provider isn’t allowed to disclose the fact,” explained Towers.

Other bugbears with public cloud infrastructure or data stored on cloud services are down to corporate governance issues, such as auditing. “Clients want the right to audit, to see if you are in compliance with the relevant regulations and standards. They can do this if we have things running in our own data centre,” he explained.

However, when the data is stored on a service operated by a third party provider, the situation can be more complex. “It’s the difference between having a certificate that says you comply with regulations and whether you can be audited to prove it,” he said.

Meanwhile, Aegis is moving some services in the opposite direction, out to the cloud, again to mitigate risk. “We’re taking things such as our public-facing website and hosting that with a service provider, because we wouldn’t want any attack on that to hit critical services in our data centre,” Towers said.

Overall, Aegis Media is looking to expand on its use of cloud services, as it becomes more comfortable with them, but it will depend on the service provider giving them what they want, according to Towers.

“There needs to be acceptance from service providers that customers have requirements around privacy and compliance, and they don’t want to see these silly clauses,” he said.