Towards Establishing Security-Aware Cloud Markets

Today´s cloud environments are very heterogeneous. This cloud heterogeneity, as the consequence of lacking cloud standards, builds technical and security barriers between cloud providers and blocks them from intended cloud collaborations within cloud marketplaces. A cloud broker, who acts on behalf of cloud providers, matches compatible collaborative partners according to their requirements and attempts to support the optimal exchange of cloud resources between them. The fulfillment of security requirements in cloud collaborations usually involves providing risk assessments, which are still very time-consuming and not applicable for ad hoc cloud collaborations within cloud marketplaces. Aiming to design and develop a security model for trading with cloud services, we identify in this paper concepts, mechanism and available tools that can support establishing of security-aware cloud markets. Furthermore, we introduce our information security governance driven cloud brokerage model with security labeling of tradable cloud products that can be the next step in the standardization process of tradable cloud products and optimize the selection of collaborative cloud partners.