ITAR simply requires State-Side storage.
IIRC, ITAR compliance would not be very compliant when foreign citizens - especially citizens of named prohibited nations - have access to your data, even if it occurs on US soil. That can easily happen because cloud companies are not restricted in who they hire; they aren't even required to monitor what their employees are doing with your data. If anything happens that you, the customer, don't like, their liability is limited to what you paid for the service in the last billing cycle.
You may encrypt your data, but I don't think this helps. Having data is a separate problem from having the key. These problems can be solved by independent methods.