In general, the compliance limitations of public cloud have to do with the extent to which public cloud systems can keep private client data secure.
Because public cloud systems hold multi-tenant information, there is the potential for cross-contamination of data, or some situations where hackers can get into the hypervisor and drill down into a particular client’s payload.
However, most modern vendors pay attention to key security standards when maintaining public cloud setups – so in many cases, public cloud does have sufficient security for a company.
With this in mind, if a certain standard or regulation requires complete separation of data, the company may have to implement a private cloud system with the vendor. The community of vendors offers an array of private, public and hybrid cloud solutions. Hybrid clouds can also be a good option for companies that have varying data sets – where some data operations are handling sensitive data, and others are not.
The bottom line is that although public cloud is great in many cases, companies have to figure out whether the standards provided by the vendor will meet their own compliance standards and those of their industries. In some cases, the biggest security concerns are on the client systems – they involve situations where the company’s in-house setups are less secure than those of the public cloud provider. Public cloud vendors may be able to safeguard data stored in their own public systems, but may not provide the same security for in-house data flowing into and out of the client’s internal network.