One of the knocks against outsourcing applications and storage has always been control or rather the lack of it.  Whether I am referring back to my Interliant days where we stored customers Lotus Notes and PeopleSoft financials data or Qualys storing their customers vulnerability data or as Douglas Schweitzer  over at ComputerWorld points out, Google's plan to pilot a program with the world renowned Cleveland Clinic to store patients medical records on line, the idea of confidential, sensitive data being out of your direct and sole control scares many people. Never mind that the data may be more secure with the controls these SaaS providers put in place to than it would be in your own location.  There is just something about the concept that deep down instinctually turns people off.

To be fair, the SaaS industry has done many things to overcome this bias.  3rd party audits of security procedures have helped.  Also having the data encrypted with only you holding the key helps get many people comfortable.  In fact over the last few years, I think on the whole we are seeing more and more IT and risk management departments getting comfortable with outsourcing their applications and the storage of this sensitive data. There are still some last bastions of holdouts, such as the US government with vulnerability data.  But as I say, by and large it is much more acceptable.  However, every time we take this paradigm to another market, such as confidential medical data the whispers and old doubts surface again.  I think if we are truly going to see the Google Apps or Microsoft Live office stuff really take off, people are going to have to get over this phobia.  Whether they do or not will go a long way towards determining if this is just a passing fad or the longterm future of the software industry.