If I find something interesting on the web that I want to refer to
again, or if I write something up that might become a proper
blog post someday I often save it as a text file into one of a
logical series of directories on my machine.
This site is RSS enabled.
PCI Compliance and the cloud
Technically, you cannot obtain PCI compliance if you store financial information in cloud storage because you typically cannot inspect the infrastructure, or make changes to it, the audit trail does not go all the way to the hypervisor since this could compromise other customers data and tracability and control of the data is a requirement. None of them explicitly claim to be PCI compliant, and some cannot be by design. Microsoft does come close.
HIPPA Compliance and the Cloud
HHS offers some guidance here, though guidance is code for: follow these suggestions or you may lose your lawsuit. "Lacking an encryption key does not exempt a CSP from business associate status and obligations under the HIPAA Rules. As a result, the covered entity (or business associate) and the CSP must enter into a HIPAA-compliant business associate agreement (BAA), and the CSP is both contractually liable for meeting the terms of the BAA and directly liable for compliance with the applicable requirements of the HIPAA Rules."