Most companies operate under risk constraints. For example, U.S. publicly traded companies have Sarbanes-Oxley disclosure requirements regarding their financial statements. Depending upon the industry a company is in, there may be industry-specific laws and regulations. There are other, more general requirements for data handling that require ability to track changes, establish audit trails of changes, etc., particularly in litigation circumstances. In other nations, customer data must be handled very carefully due to national privacy requirements. For example, certain European nations mandate that information must be kept within the borders of the nation; it is not acceptable to store it in another location, whether paper- or data-stored.
All of which makes using the services of "cloud" providers too risky for some companies.
Source: CIO