Compliance with the many security certifications, regulations, and frameworks, such as SOC, PCI, and HIPAA, is of extreme importance to cloud providers because it is important to cloud consumers. This is evident by the extent to which a cloud provider's value-added services have been approved under these different assurance programs. Simply put, as cloud customers, we are subject to these assurance programs, therefore we must choose a cloud provider that has been approved as well. Failing to support a specific program can be a competitive disadvantage for a cloud provider.
This is another benefit of the shared responsibility model. As we draw the line higher and higher with the use of value-added cloud services, we also inherit more and more security controls from the cloud provider. This, in turn, allows us to focus our attention on the security controls...
