Towards quantification and evaluation of security of Cloud Service Providers

Security is still the main obstacle preventing companies and businesses which deal with private information and confidential data from migrating towards the Cloud. Cloud Service Providers should continuously perform security self-evaluation and assess the level of their security services in order to identify their limitations and improve their performance. We propose in this paper, a methodology for performance quantification and evaluation of Cloud security services, based on a set of quantitative evaluation metrics which we developed using the Goal-Question-Metric (GQM) paradigm. We also make use of a case study scenario in order to demonstrate the efficiency and practicability of the proposed methodology.