Transparency needed

User organizations (Cloud Service Consumers, CSC) require detailed information about the IT security and compliance risks associated with the use of the cloud computing service. They require this information:

  • for their standard IT security management activities such as assessments and risk management,
  • to take purchase decisions,
  • to prepare for performing security-related activities they are still responsible for,
  • to pass audits and inform their stakeholders (e. g. shareholders, customers, governmental and regulatory authorities).

User organizations (Cloud Service Consumers, CSC) want this information to be

  • tangible, precise, and contractually relevant,
  • to the point, short, and easy to understand,
  • clear, unambiguous and using a language that allows comparison of different services.

Information that contains marketing messages or arguments to convince users may not be that useful.