Evaluating Security and Privacy in Cloud Services


Moving data and applications to the cloud implies shifting their control from cloud consumers to the cloud service provider (CSP) indefinitely. Hence, the security and privacy (S&P) of the consumers' assets becomes an important issue. Assessing and comparing potential cloud computing (CC) services, poses an issue for CC adopters to choose S&P options that are sufficient and robust at the same time. In this paper, we describe CC adopters' S&P concerns. We identify a set of attributes that reflect various aspects of cloud S&P in an attempt to alleviate those concerns. We classify the attributes based on their tangibility and their relevance to S&P threats. Every attribute in our list is represented by a set of considerations (i.e. polar questions) to assess its quality. We present a tool that embodies our set of attributes. We aim to enable consumers to assess and compare CC services, in terms of S&P, so that they can make well-educated choices. CSPs can also make use of these attributes to offer better cloud S&P.

Publication Title

Proceedings - International Computer Software and Applications Conference