There’s no doubt that compliance is important, but it’s only one outcome of cloud security and shouldn’t be the driver.
It’s possible to be compliant without being secure. The threat landscape is ever changing and HIPAA requires that you keep up with new threats and risks and evolve your security program to defend against new risks. Compliance standards are static and don’t evolve as rapidly as the threats, often making compliance the lowest common denominator of security requirements. If you’re finding it challenging to dedicate the time and resources just to be compliant, you’re probably leaving your data vulnerable to sophisticated threats.
The act of being secure isn’t about checking compliance boxes, it’s the process of employing a multilayered web of protection to all infrastructure, applications and processes that touch your data.