Towards a trust management system for cloud computing marketplaces: using CAIQ as a trust information source

Abstract

ABSTRACTCloud computing enables information technology related services in a more dynamic and scalable way than before—more cost‐effective than before due to the economy of scale and of sharing resources. Usually, cloud providers describe their promised behaviour—regarding functional and non‐functional aspects of the service provision—by way of service level agreements (SLAs). For different providers offering similar functionality, SLAs are often insufficiently claimable and inconsistent with the aspects considered important by customers. Therefore, customers face problems identifying a trustworthy cloud provider solely on the basis of its SLA. To support customers in reliably identifying trustworthy cloud providers, we propose a multi‐faceted trust management system architecture for cloud computing marketplaces and related approaches. This system provides the means for identifying trustworthy cloud providers in terms of different attributes, for example, compliance, data governance and information security. In this article, we present the first realization of our proposed trust management system using the Consensus Assessment Initiative Questionnaire, initiated by the Cloud Security Alliance, as one of the sources of trust information. In particular, our proposed approach contributes to the challenge of extracting trust information from Consensus Assessment Initiative Questionnaires completed by cloud providers. Finally, our implemented system and related approaches are experimented using real datasets. Copyright © 2013 John Wiley & Sons, Ltd.