AWS has the tools to be massively secure and highly compliant, but you have to do things right.
AWS operates under a "shared security model." They are responsible from the physical infrastructure up to the hypervisor, and the user is responsible for the virtual machine up to the application. The tools are there to make your environment extremely secure and compliant with a wide variety of authorities; Trek10 can help you assemble and run them.
Leverage on-disk encryption, key management, virtual networking, and fine-grained access control to make your AWS deployment compliant. Trek10 CloudOps can also deliver PCI and HIPAA certified monitoring and response procedures.