Hybrid Cloud for Architects

Compliance 

The last item on our list is compliance, and it seems to worry a lot of people, mostly because of security concerns. The major public clouds hold certifications and attestations for most of the widely used standards, yet some people remain uneasy. Part of the unease is justified: the provider's certification covers the provider's side of the shared-responsibility model, and a compliant platform does not make a carelessly configured workload compliant.

The following link shows all the regulations that AWS complies with:
  https://aws.amazon.com/compliance/

To illustrate, let's return to our hotel analogy for the public cloud. You have been assigned a room; you have no control over who gets the room next door, behind a shared wall. If that guest plays loud music, it may disturb your sleep.

So, is there a workaround? Sure there is: book the whole floor.

Let me translate the preceding example into a compliance standard: HIPAA, the Health Insurance Portability and Accountability Act of 1996. I am not going to delve into the details of HIPAA itself, as that is beyond the purview of this book, other than to say that US healthcare organizations handling protected health information (covered entities such as providers, health plans and clearinghouses, and the business associates that process data for them) need to comply with it.

HIPAA does not name tenancy as such, but its isolation expectations have often been read that way, and AWS historically required workloads handling protected health information under its Business Associate Agreement to run on Dedicated Instances. The cloud, by definition, is multi-tenant, so to address this AWS offers a dedicated tenancy model: in short, the underlying hardware runs only your instances (booking the whole floor, in our analogy).

Now, while this is possible in our case, it makes the instances somewhat more expensive. It is also fragile: a single instance launched with default tenancy next to the dedicated ones is enough to render the environment non-compliant, and nothing in the launch path stops that unless you enforce it (for instance by setting dedicated tenancy on the VPC itself, so that every instance launched into it inherits it, and by auditing for drift). A private cloud is more resilient to this kind of slip, if properly ring-fenced.
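The drift check described above, as an added example that is not code from this book: it walks the dict shapes that boto3's `ec2.describe_vpcs()` and `ec2.describe_instances()` return and reports in-scope instances whose `Placement.Tenancy` is not single-tenant, plus the VPCs whose `InstanceTenancy` is still `default` and therefore allow that. The `DataClass=PHI` tag used to mark in-scope workloads is an assumed convention, and the sample responses are constructed so the check runs offline; the live-account function at the end is the same check pointed at a real region.

```python
"""Audit EC2 tenancy for an environment that must run on dedicated hardware.

Added example (not the book's code). Works on the dict shapes returned by
boto3's ec2.describe_vpcs() and ec2.describe_instances(); the sample data
below is constructed, and the DataClass=PHI tag is an assumed convention.
"""
from typing import Any, Dict, List, Set, Tuple

# Placement.Tenancy values that put an instance on hardware only you use:
# "dedicated" (Dedicated Instance) or "host" (Dedicated Host).
SINGLE_TENANT = {"dedicated", "host"}
INACTIVE_STATES = {"shutting-down", "terminated"}

# Constructed sample responses, trimmed to the fields the audit reads.
SAMPLE_VPCS: Dict[str, Any] = {
    "Vpcs": [
        {"VpcId": "vpc-0a1b2c3d4e5f60001", "InstanceTenancy": "dedicated"},  # ring-fenced PHI VPC
        {"VpcId": "vpc-0a1b2c3d4e5f60002", "InstanceTenancy": "default"},    # ordinary dev VPC
    ]
}
SAMPLE_INSTANCES: Dict[str, Any] = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0000000000000a001", "VpcId": "vpc-0a1b2c3d4e5f60001",
         "State": {"Name": "running"}, "Placement": {"Tenancy": "dedicated"},
         "Tags": [{"Key": "DataClass", "Value": "PHI"}]},
        # The "small misconfiguration": PHI workload launched with default tenancy into the dev VPC.
        {"InstanceId": "i-0000000000000a002", "VpcId": "vpc-0a1b2c3d4e5f60002",
         "State": {"Name": "running"}, "Placement": {"Tenancy": "default"},
         "Tags": [{"Key": "DataClass", "Value": "PHI"}]},
        # Out of scope: no PHI, so shared hardware is acceptable.
        {"InstanceId": "i-0000000000000a003", "VpcId": "vpc-0a1b2c3d4e5f60002",
         "State": {"Name": "running"}, "Placement": {"Tenancy": "default"},
         "Tags": [{"Key": "DataClass", "Value": "public"}]},
        # Terminated instances no longer occupy any hardware and are ignored.
        {"InstanceId": "i-0000000000000a004", "VpcId": "vpc-0a1b2c3d4e5f60002",
         "State": {"Name": "terminated"}, "Placement": {"Tenancy": "default"},
         "Tags": [{"Key": "DataClass", "Value": "PHI"}]},
        # A Dedicated Host also counts as single-tenant hardware.
        {"InstanceId": "i-0000000000000a005", "VpcId": "vpc-0a1b2c3d4e5f60001",
         "State": {"Name": "running"},
         "Placement": {"Tenancy": "host", "HostId": "h-0123456789abcdef0"},
         "Tags": [{"Key": "DataClass", "Value": "PHI"}]},
    ]}]
}


def tag_value(instance: Dict[str, Any], key: str) -> str:
    """Value of an EC2 tag, or "" when the instance does not carry it."""
    return next((t["Value"] for t in instance.get("Tags", []) if t["Key"] == key), "")


def audit_tenancy(vpcs_resp: Dict[str, Any], instances_resp: Dict[str, Any],
                  scope_tag: Tuple[str, str] = ("DataClass", "PHI")) -> Dict[str, List[str]]:
    """Return in-scope instances on shared hardware and the VPCs that allow that to happen."""
    vpc_tenancy = {v["VpcId"]: v.get("InstanceTenancy", "default") for v in vpcs_resp["Vpcs"]}
    key, value = scope_tag
    shared_instances: List[str] = []
    leaky_vpcs: Set[str] = set()
    for reservation in instances_resp["Reservations"]:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] in INACTIVE_STATES or tag_value(inst, key) != value:
                continue
            if inst.get("Placement", {}).get("Tenancy", "default") not in SINGLE_TENANT:
                shared_instances.append(inst["InstanceId"])
            # A VPC left at default tenancy lets anyone launch a shared-hardware instance beside PHI.
            if vpc_tenancy.get(inst.get("VpcId", ""), "default") != "dedicated":
                leaky_vpcs.add(inst["VpcId"])
    return {"instances_on_shared_hardware": sorted(shared_instances),
            "vpcs_without_dedicated_tenancy": sorted(leaky_vpcs)}


def audit_live_account(region: str) -> Dict[str, List[str]]:
    """Same check against a real account; needs boto3 and ec2:DescribeVpcs/DescribeInstances."""
    import boto3  # imported here so the offline demo does not require it
    ec2 = boto3.client("ec2", region_name=region)
    vpcs = ec2.get_paginator("describe_vpcs").paginate().build_full_result()
    instances = ec2.get_paginator("describe_instances").paginate().build_full_result()
    return audit_tenancy(vpcs, instances)


if __name__ == "__main__":
    for finding, ids in audit_tenancy(SAMPLE_VPCS, SAMPLE_INSTANCES).items():
        print(f"{finding}: {ids or 'none'}")
```

Run against the sample data, the audit flags only the PHI instance launched with default tenancy and the dev VPC it sits in; the Dedicated Host instance, the public-data instance and the terminated one are correctly left alone. In a real account you would run `audit_live_account` on a schedule and treat any non-empty list as a compliance incident.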

This is just one of the many compliance standards that various industries use; others such as SOX (the Sarbanes-Oxley Act), PCI DSS (the Payment Card Industry Data Security Standard), ISO standards (from the International Organization for Standardization, ISO/IEC 27001 being the usual one for information security) and so on each impose their own controls on IT.