Though most U.S. companies still list customer and other corporate information as their most valuable assets, many keep pushing this data farther from \n\nsafe lockdown in the data center\u2014and are about to give it another strong shove in that direction.Cloud computing and efforts to virtualize internal storage, servers, client hardware and even the movement of bits in and out of a server allows IT to \n\ndesign systems according to the needs of end users, rather than the location and limitations of on-site hardware. One common fear about data in the cloud: What happens to it once it leaves building? End-user companies probably won't completely lose track of data in the cloud, according to Chris Wolf, infrastructure and virtualization analyst at \n\nThe Burton Group. They are likely to lose some level of control over not only who accesses the data, but also when and for what purpose, he says.15 Cloud Companies to WatchOn a related note, companies must also be able to audit usage of sensitive data, keep restricted data in Europe or other places where regulations are \n\ntight, and comply with all the other requirements spreading out to define proper use of corporate data. It's not a disaster waiting to happen, but the control issue will keep many companies from using cloud technology, or even advanced storage \n\ntechnology, to its best advantage, Wolf says.Slideshow: 5 Things We Love\/Hate About Cloud Management ToolsEMC, for example, is developing technology for its high-end storage products that goes far beyond current storage virtualization technology, which \n\nstill associates storage volumes with specific spindles or storage arrays, according to Brian Gallagher, general manager of EMC's EMC Symmetrix and \n\nvirtual products groups."Virtual Storage," would make it possible to make the most cost-effective use of storage hardware and move data around at need, or at whim, \n\nGallagher says. "Theoretically, you could shift terabytes or petabytes of data from New York to Alaska for batch-processing overnight because the power in the \n\nAlaska data center is so much cheaper than New York," Gallagher says. "You should be able to do that from one console, almost with a couple of \n\nmouse clicks or drag-and-drop."\n\nOne Company's Private Cloud ChoiceLosing critical data in the cloud isn't a huge issue right now, mostly because companies that want to put data that's more critical than a Gmail account \n\ninto the cloud keep that data on internal clouds, or keep the whole cloud within their own walls, according to Bill Gillis, eHealth technical director, Beth \n\nIsrael Deaconess Medical Center in Boston. "We went with a cloud approach because we weren't sure how big it was going to be, and it gave us an environment that could expand or contract \n\nas we needed it to," says Gillis, who built a virtual infrastructure designed to allow independent physicians' offices to plug into BIDMC's patient records \n\nand billing systems easily. "Data goes from physician offices to our servers directly," he says. "Even though it's in a cloud, it doesn't leave our servers or the physicians', which \n\nis good for security and privacy." Few companies are putting critical data into public clouds now, partly because they're nervous about doing it, partly because neither their structured \n\nnor unstructured data has yet been converted to function well in services-oriented environments such as the cloud, according to Mark Bowker, analyst \n\nof Enterprise Strategy Group. The potential cost-savings of the cloud will add to the pressure for end-user companies to convert to more SOA-friendly formats, Bowker \n\nsays.A Solution for Tracking and Securing DataTechnology that does provide centralized control is not under development, however, Wolf says. Wolf and his Burton colleagues have proposed \n\ndevelopment of an infrastructure authority, or IA\u2014a database, directory and security application all in one, designed to create security that can \n\ntravel along with specific parts of data and help its owners keep control over it no matter where it resides. In the cloud, data from several locations could 'reside' next to each other, sharing user access controls, audit and security policies, but actually be \n\nstored within a company's own data centers co-location facilities or publicly available data centers.Without a set of metadata that can track the real and virtual location of that data, as well as its related security information, orchestration, federation \n\nand control of that data is, at best, extremely difficult, Wolf says. "If a tool wants to place an object somewhere within a cloud infrastructure, there needs to be a central place where it can check to make sure the \n\nphysical location offers the necessary resources (compute, memory, networking and storage I\/O) and security policy isn't violated in the process, among \n\nother concerns. We don't need to re-invent the wheel. Instead, we need to take existing virtual infrastructure management databases and evolve them so \n\nthat they can act as the central authority for all infrastructure decisions," Wolfe wrote in a blog on the topic. Burton Group, and its new owner, Gartner Group, plan a series of reports explaining and promoting the idea of the IA later this spring, Wolf says. \nIndustry organizations such as the DMTF, Cloud Security Alliance and Storage Networking Industry Association's Cloud Storage Initiative are working \n\non various aspects of the problem, but haven't cracked it yet, Wolf says. Follow everything from CIO.com on Twitter @CIOonline.