The Case for Cloud Service Trustmarks and Assurance-as-a-Service

TL;DR

This paper advocates for implementing dynamic trustmarks for cloud services, combining live performance data and assurance measures to enhance trust, accountability, and confidence among users and stakeholders.

Contribution

It proposes a novel, active trustmark scheme for cloud providers that integrates real-time performance data and third-party assurance to improve trust and accountability.

Findings

Trustmarks can improve consumer confidence in cloud services.

Dynamic, live data enhances transparency and trustworthiness.

The scheme supports accountability and compliance in cloud computing.

Abstract

Cloud computing represents a significant economic opportunity for Europe. However, this growth is threatened by adoption barriers largely related to trust. This position paper examines trust and confidence issues in cloud computing and advances a case for addressing them through the implementation of a novel trustmark scheme for cloud service providers. The proposed trustmark would be both active and dynamic featuring multi-modal information about the performance of the underlying cloud service. The trustmarks would be informed by live performance data from the cloud service provider, or ideally an independent third-party accountability and assurance service that would communicate up-to-date information relating to service performance and dependability. By combining assurance measures with a remediation scheme, cloud service providers could both signal dependability to customers and the wider marketplace and provide customers, auditors and regulators with a mechanism for determining accountability in the event of failure or non-compliance. As a result, the trustmarks would convey to consumers of cloud services and other stakeholders that strong assurance and accountability measures are in place for the service in question and thereby address trust and confidence issues in cloud computing.