This question has both a yes and no answer. If it's about the customer being able to demonstrate compliance, then it's important for you to be able to put that information in their hands readily and with some accountability as to how that cloud compliance was documented. If they want to be "compliant" because of the level of security they are expecting, I would suggest a demonstration of the criteria about which they are most concerned.
However, I am waiting (patiently) for regulatory bodies at all levels to put some teeth into the cloud compliance requirements. As long as the likelihood is remains slim that a regulatory body would reprimand you for a violation or issue a slap on the wrist, is it any wonder businesses are resistant to put that kind of data in the cloud?
Have a question for one of our cloud provider experts? Send it to email@example.com.
This was first published in March 2012