SQL Azure is a public service and the data is stored somewhere in the cloud provider facility. With all security measures including firewalls and sentry dogs the data is still under zero customer control.

So the provider could do some backup and store it for some very long time and you might want to destroy the data ASAP and will be unable to have it done.

Also here’s what technically could happen (not that I’m saying it is likely):

• the provider might dispose of undestroyed hard disks
• a bug could cause the authorization to fail and allow an unauthenticated user (because you see, you don’t control what software updates the provider applies)
• the provider employee might be bribed and copy the data

So if the user really wants privacy (or the laws say the data he deals with must be processed according to certain requirements) or he wants actual control on how the data is dealt with then a public storage service like SQL Azure is technically inapplicable for him. You trying to market Azure as providing the same level of control and security as a local facility would provide are deceiving the customer.

Sad but true and you can’t lie to the compiler. There’s no such thing as control over your data in a public storage service. Risks of negative outcomes are perceived as rather low, but they exist and they are real.