Solution

The fact that cloud security standards cannot deliver all detail about all possible cloud computing offerings does not mean that user organizations must accept that the information is not available or not made available with the required quality and detail in time. There is a solution as shown in Figure 5.

This Zero Outage Industry Standard proposes that:

  1. Cloud security standards should require Cloud Service Providers (CSP) to provide a user’s guide, referred to as “Patterns” in Figure 5 (No. 1a). Cloud Service Providers (CSP) which claim to provide a computing service compliant with the enhanced cloud computing standard will deliver the user’s guide referred to as “Patterns” (No. 2 in Figure 5). Using the user’s guide referred to as “Patterns”, user organizations (Cloud Service Consumers, CSC) can understand the IT security features and risks associated with using the cloud service, the division of labor between provider and consumer, and the tasks that remain with them (No. 3 in Figure 5).
  2. Cloud security standards should define the content and structure of the user’s guide referred to as “Patterns” in Figure 5 (No. 1b). The user’s guide shall characterize the cloud computing service, specifically the cloud’s Deployment Model (for whom and how the service is provided) and the cloud’s Service Model (which party is responsible for what). In addition to the content of the user’s guide, the cloud security standards should also define its structure and the syntax and semantics of the sentences (called “Patterns”). This third condition ensures that user organizations can compare the cloud computing services or, more precisely, their security and compliance risk profile and division of labor throughout the service’s lifecycle.
  3. By delivering the Patterns as required by the cloud security standard, the Cloud Service Provider (CSP) confirms that the cloud service actually implements the Deployment and Service Model as described in the Patterns.

Figure 5: Proposal to enhance cloud security standards

These requirements, added to cloud security standards,

  • ensure that the required information is delivered and made available to the user organizations (Cloud Service Consumers, CSC),
  • ensure that the descriptions are comparable and handy.

The user’s guides are denoted as Patterns since

  • The essential information in the user’s guide shall be provided in the form of single sentences.
  • These sentences shall have a defined structure, the syntax shall be defined, and the semantics shall be clear since terms are defined and used in a unique manner.

As a result, the Patterns are “semi-formal” expressions. This is why the essence of the user’s guide is called “Patterns” in this Zero Outage Industry Standard.

Chapter 5 provides examples of enhancing cloud security standards with user’s guides in the form of semi-formal expressions (sentences). Before that, Chapter 4 provides some details about Deployment and Service Models as understood in this paper. In particular, the term Service Model is defined in a different manner [8] than used in other publications.