I still have seen nothing to convince me that regulatory requirements like HIPAA, SOX, FDA validation, et al can be safely supported in an external cloud. Internal, maybe, but how can a DBA guarantee data protection at that level when someone else owns and maintains the servers?