Organizations that host extremely sensitive data, such as healthcare providers who work with Electronic Health Records (EHRs), need to be especially aware of how compliance issues can affect their usage of cloud computing.
A number of laws and regulations, such as Gramm-Leach-Bliley, Sarbanes-Oxley, and HIPAA, require companies to control and protect their data and to certify that they have knowledge of and control over who can access the data, who sees it, and how and where it is stored. In a public cloud environment, this can be a problem.
Most cloud providers have SAS 70 certifications, which require them to be able to describe exactly what is happening in their environment, how and where the data comes in, what the provider does with it, and what controls are in place over access and processing. But it’s important that you ask for some validation that they are meeting the various compliance regulations on an ongoing basis.