Isn't it? Amazon's server team is way better than your company's.

I don't usually wave the flag, but no, they aren't. They might be comparable, but not better.

It is better. You can be HIPAA and other obnoxious-acronym compliant in an amazon VPC. You can't with data on random laptops...

> You can't with data on random laptops...

Well, yes you can, you just document the procedure.

I really can't understand the disconnect between setting a policy that you can't have company data on company owned/controlled desktops but can have all that data sitting in a 3rd party system.

3rd party cloud systems don't get stolen out of backpacks and left behind in coffeeshops.

I've got a free year of credit monitoring because a hospital laptop was stolen with patient data on it and they have no idea where it went. Yippee.

And in the future you'll be able to get another free year because AWS was breached and all your health data has been accessible over the internet for god knows how long. Or maybe you won't because it wasn't the hospitals fault, it was Amazon's and you're not their customer. I know I'm looking forward to it.

But whatever, just hope that Amazon does the right thing, it's not like you or your healthcare provider can check up on it.