Zoch says he likes the fact that Zetta uses public key encryption that's compliant with Federal Information Processing Standard 140-2, but the university still might decide to encrypt the data itself before transmitting it. And since he's using Zetta only for secondary copies, he's not worried about getting it back if something happens on Zetta's end.

It might also be impractical to move large amounts of data from a cloud storage provider's site if the communications pipeline is too small. "If you can do only 1MB/sec. or 2MB/sec., it could take months or even years to get your data back," says Jeff Treuhaft, co-founder and CEO of Zetta. He says putting in a dedicated connection capable of transferring data in a timely fashion adds about 25% to the cost of Zetta's service.

Even if the stored data is accessible, some storage-as-a-service applications, such as Zmanda Inc.'s backup and recovery systems, store data on a third-party platform such as S3 on the back end. So it's important to do due diligence on where and how data is hosted and how to get it back, says Singh. But, he says, that's no different from the checks one should do with any other software-as-a-service provider that stores data.

What's the best way to get started with external cloud storage services? "You have to trust, but verify," Ruth says. That means touring the data center to see what's stored where, creating a service-level agreement with meaningful metrics and performing regular audits to make sure the vendor is living up to them. And if the storage-as-a-service provider is using a third party for the underlying storage infrastructure, you'll need to perform due diligence on that vendor as well.

Despite the challenges, most users see a bright future for cloud storage. Singh says he could see a role for cloud storage for file services if he had to replace his file servers. Others see the cloud as a potential way to back up remote offices.