Back in time?
Namely:
How do you respond with subpenas requesting access to my data? Be it from the U.S. or any other country.
How much control does the customer have over the physical location of servers holding their data? Will a coup deta in the cheap labor 3rd-world country you put your servers in isolate me from my data?
Can any floor technician in your data center walk over to the server where my data is held , and over the course of a week or a month effectively "clone" my data by artificially failing each of the drives in the array that holds my data, until they have a complete copy of the whole array on those "failed drives"?
Can any floor tech, paid off by a competitor, sabotage the server my data is sitting on.
Does the data on your servers have any form of encryption on the drives?
If someone was involved in criminal activities, and their data existed on the same server as mine, can a government agency come in and take that server away as evidence, and my data with it?
You most likely scan your servers for viruses, does it keep logs, who has access to those logs, how long are they kept?
If the company holding my data goes out of business, how long will I be able to access my data before they run out of money to pay for drive replacements, labor, leased lines?
If Billy-Bob digs up a fiber bundle in his back yard and knocks out your data center, are you mirroring all you customers data in a separate geographical location? How often does it sync?
How many feet above sea-level are your servers, and how far away from coastlines?
Page 1 of 99. (seriously we tried this ages ago, it doesn't work)