Using cloud services means that we have outsourced the management of our information systems on a large scale. We process our data in locations whose physical whereabouts we may not know, and without knowledge of who has access to them. We potentially share the IT infrastructure with millions of others. Our personal data is processed and stored by parties of whom we may sometimes not be aware. We do this in blind trust that all involved parties adhere to laws, regulations, and specific agreements. Without that trust, the use of cloud services in our digital society wouldn’t be as extensive as it is today.
Clear criteria as the basis for trust.
For (potential) users of cloud services, it’s crucial that providers assure the reliability of their services. It means that the service meets the requirements that can reasonably be expected and complies with the agreements made between users and providers regarding this matter. These requirements and agreements are included in criteria that, in turn, are translated into measures designed to ensure the service complies with these criteria.
Stakeholders largely base their trust in cloud services on the assurance they receive that the service complies with these criteria. Hence, the criteria form the basis of trust in cloud services.
The formulation of criteria is complex and requires a lot of expertise. Fortunately, there are standard frameworks with criteria, often in the form of certification schemes. However, there are many different frameworks that partly overlap but also diverge in some aspects. The Online Trust Coalition contributes to clarifying these differences and harmonizing the available frameworks, thereby enhancing their usability
