Sunday, November 6, 2016

Consider These Themes Before Selecting a Cloud Provider for Your Regulated Workloads

Might I suggest you consider the following important points as you select a cloud provider...
  • Are cloud computing offerings the core business of your chosen cloud providers?
  • Is cloud a financially viable business for the cloud provider?
  • Does the cloud provider have a strong technical vision, ability to deliver and proven expertise?
  • How does the cloud service provider maintain a compliant position if using third-party staff? What contractual arrangements are in place that enable compliance to be asserted or validated?
  • Are data centers and operational function locations appropriately secured?
  • What are the plans for Continuity of Business and Disaster Recovery? Do major outages impact a client? What capacity remains available in the event of an outage, and how can it be reserved and accessed?
  • Track record and availability statistics for service offerings?
  • References from existing clients within regulated industries
  • Unambiguously documented roles and responsibilities (especially for availability, monitoring, incident management, security, and privacy)
  • Reporting capabilities for availability, usage and financial metrics
  • Ability to assure infrastructure, storage, and staffing location 
  • Compliance with published regulatory standards
  • How should consideration of the above change when buying higher value offerings such as PaaS and SaaS?
  • Does the cloud provider understand how to sell and service enterprise clients?
  • Does the cloud provider encourage a one-size-fits-all approach? (Likely this does not work for regulated industries.)
  • Can the cloud provider support hybrid on-prem/off-prem deployment models with a supporting ecosystem of connectivity, consistency, and interoperability?
  • Is pricing competitive?  
  • Is the cloud provider profitable and sustainable?

*** Vic Winkler's book, "Securing the Cloud: Computer Security Techniques and Tactics", inspired me in creating this list.

