Towards a process-oriented framework for improving trust and security in migration to cloud

In spite of all the benefits that the cloud environment offers to enterprises, there is still a growing need for a secure plan which could meet security and trust concerns. In addition, the key source of an effective cloud migration plan relies on having clearly defined processes which continuously monitor the problems and could consider changes both in technological and strategic issues in the cloud environment. The main idea of our framework, namely Plan-Negotiate-Implement-Check (PNIC), is to analyze the customer concerns, categorize them from the perspective of trust and security, and develop a plan for building and sustaining trust. It will implement the security solutions for mitigating the security concerns and finally it will consider a monitoring phase for the continuous checks. All above processes must put into a cycle to continuously monitor and solve the problems. PNIC is a process-oriented approach like some common accepted improvement models like PDCA (Plan-Do-Check-Act). It tries to develop required processes in the form of a cycle to continuously improve and identify problems in trust and security issues. Following this framework by the enterprises before moving to the cloud, will lead to a trustworthy plan which will meet cloud customer concerns.