CISOs weighing regional cloud providers face a harder question than location alone: what evidence proves the workload will stay secure, portable, and governable over time?