National Institute of Standards and Technology issues guidance on cloud computing. Cloud Security Alliance has created Cloud Controls Matrix to fill the gap. For too long, cloud service providers have expected organizations to faithfully trust that their data are being adequately protected. Cloud provider compliance is not synonymous with your own compliance, says author. Cloud Compliance Catch-22: If your cloud service provider lacks in transparency and cooperation, beware, he says. If you expect to store your cardholder, health, non-public information in the cloud, expect you to think twice about what is appropriate use.”]
Source: https://www.cuinfosecurity.com/blogs/cloud-compliance-catch-22-p-1351