Abstract
Moving data and applications to the cloud implies shifting their control from cloud consumers to the cloud service provider (CSP) indefinitely. Hence, the security and privacy (S&P) of the consumers' assets becomes an important issue. Assessing and comparing potential cloud computing (CC) services, poses an issue for CC adopters to choose S&P options that are sufficient and robust at the same time. In this paper, we describe CC adopters' S&P concerns. We identify a set of attributes that reflect various aspects of cloud S&P in an attempt to alleviate those concerns. We classify the attributes based on their tangibility and their relevance to S&P threats. Every attribute in our list is represented by a set of considerations (i.e. polar questions) to assess its quality. We present a tool that embodies our set of attributes. We aim to enable consumers to assess and compare CC services, in terms of S&P, so that they can make well-educated choices. CSPs can also make use of these attributes to offer better cloud S&P.