I think you make a good point, Andrew. A significant part about data control is often illusion. Not ALL data requires a deep level of control and security. In procurement for example, you want the largest pool of users outside your network to be accessing information so you can evaluate the largest amount of bids and get the best price and service combination. The cloud provider, if they are worth their salt, will provide a sufficient amount of data and application security (validatng users/access for example) for mitigating threats. And an agency definately doesn’t want this traffic or user type on their own network, which would be isolated for government employees. And when the contract process is complete, the agency can safely remove the contract information to their local accounting system.