The Case for Cloud Service Trustmarks and Assurance-as-a-Service

Theo Lynn, Philip Healy, Richard McClatchey, John Morrison, Claus Pahl, Brian Lee

2013

Abstract

Cloud computing represents a significant economic opportunity for Europe. However, this growth is threatened by adoption barriers largely related to trust. This position paper examines trust and confidence issues in cloud computing and advances a case for addressing them through the implementation of a novel trustmark scheme for cloud service providers. The proposed trustmark would be both active and dynamic featuring multi-modal information about the performance of the underlying cloud service. The trustmarks would be informed by live performance data from the cloud service provider, or ideally an independent third-party accountability and assurance service that would communicate up-to-date information relating to service performance and dependability. By combining assurance measures with a remediation scheme, cloud service providers could both signal dependability to customers and the wider marketplace and provide customers, auditors and regulators with a mechanism for determining accountability in the event of failure or non-compliance. As a result, the trustmarks would convey to consumers of cloud services and other stakeholders that strong assurance and accountability measures are in place for the service in question and thereby address trust and confidence issues in cloud computing.

References

  1. Aiken, D., Osland, G., Liu, B., Mackoy, R., 2003. “Developing Internet Consumer Trust: Exploring Trustmarks as Third-Party Signals.” In Marketing Theory and Applications, vol. 14, pp 145-146.
  2. Aiken, D., Boush. D., 2006. Trustmarks, objective-source ratings, and implied investments in advertising: investigating online trust and the context-specific nature of internet signals. Journal of the Academy of Marketing Science, 34(3), 308-324.
  3. Cloud Security Alliance, 2010. Top Threats to Cloud Computing v1.0.
  4. Endeshaw, A., 2001. The Legal Significance of Trustmarks. In 10 Information & Communications Technology Law.
  5. European Commission, 2012. Unleashing the Potential of Cloud Computing in Europe.
  6. GAP Task Force on Cloud Computing. Final Report. May 2011.
  7. Haeberlen, A., 2010. A case for the accountable cloud. ACM SIGOPS Operating Systems Review, 44(2), pp52-57.
  8. HBR Analytic Services, 2010. How the Cloud Looks from the Top: Achieving Competitive Advantage In the Age of Cloud Computing.
  9. Huff, G., 1981. Trusted Computer Systems - Glossary. MTR 8201, The MITRE Corporation.
  10. IAMCP. 2011. IAMCP 'Trustmark' Proposal for Cloud Service Providers. Presentation at 5th Call for Proposals.
  11. ICT PSP CIP Theme 4 - ICT for innovative government and public services in March 2011
  12. IDC, 2012. Quantitative Estimates of the Demand for Cloud Computing in Europe and the Likely Barriers to Uptake.
  13. International Auditing and Assurance Standards Board (IAASB), 2008. International Framework of Assurance Engagements
  14. Ko, R.. Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., Lee, B.S., 2011. TrustCloud: A Framework for Accountability and Trust in Cloud Computing, HP Laboratories, HPL2011-38.
  15. Pearson, S., Charlesworth, A., 2009. Proc. 1st CloudCom 2009, ed. Jaatun et al., Springer LNCS 5931, pp. 131- 144.
  16. Pearson, S., Tountopoulos, V., Catteddu, D., Sudholt, M., Molva, R., Reich, C., Fischer-Hubner, S., Millard, C., Lotz, V., Jaatun, M.G., Leenes, R., Rong, C., Lopez, J., 2012. Accountability for Cloud and Other Future Internet Services.
  17. Pearson, S., Wainwright, N., 2012. An interdisciplinary approach to accountability for future internet service provision. In Int. J. Trust Management in Computing and Communications.
  18. Pew Internet, 2010. Pew Research Center's Internet & American Life Project (2010) The Future of Cloud Computing
  19. Remotti, L., 2012. Trustmark provision in Europe. Presentation at EU Digital Agenda Assembly 2012.
  20. Robinson, N., Valeri, L., Cave, J., Starkey, T., Graux, H., Creese, S., Hopkins, P., 2010. The Cloud - Understanding the Security, Privacy and Trust Challenges
  21. Schouten, E., 2012. Auditable Cloud Services and Industry Compliance. Wired, November 2012.
  22. Shirey, R., 2007. Internet Security Glossary, Version 2. IETF, RFC4949.
  23. Sommerville, I., 2007. Design for Failure: Software Challenges of Digital Ecosystems. In 1st IEEE Conference on Digital Ecosystems.
  24. Yankee Group, 2010. 2010 FastView Survey: Cloud Computing Grows Up.
Download


Paper Citation


in Harvard Style

Lynn T., Healy P., McClatchey R., Morrison J., Pahl C. and Lee B. (2013). The Case for Cloud Service Trustmarks and Assurance-as-a-Service . In Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8565-52-5, pages 110-115. DOI: 10.5220/0004405901100115


in Bibtex Style

@conference{closer13,
author={Theo Lynn and Philip Healy and Richard McClatchey and John Morrison and Claus Pahl and Brian Lee},
title={The Case for Cloud Service Trustmarks and Assurance-as-a-Service},
booktitle={Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2013},
pages={110-115},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004405901100115},
isbn={978-989-8565-52-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - The Case for Cloud Service Trustmarks and Assurance-as-a-Service
SN - 978-989-8565-52-5
AU - Lynn T.
AU - Healy P.
AU - McClatchey R.
AU - Morrison J.
AU - Pahl C.
AU - Lee B.
PY - 2013
SP - 110
EP - 115
DO - 10.5220/0004405901100115