Users expect that cloud service designers have included robust security mechanisms as essential aspects of the service. What differentiates one service from the other is cloud security assurance--consumers’ opportunity to gain justifiable confidence about the consistency of the service with respect to its security properties.

Ardagna et al. present a survey of over 300 high-quality publications on cloud security and assurance. The paper presents objective research and makes it easy for readers to select publications of interest quickly based on their own criteria. This is an excellent resource for those beginning to work in this area, as well as for security experts to get a broader view of the domain. It will also be beneficial reading for software system architects.

The authors adopt a specific methodology for selecting high-quality publications with clearly defined criteria, and then go on to build a taxonomy. The presentation follows a simple framework to summarize each publication surveyed, consistently: when, where, what, and how. The authors include crisp one- or two-line summaries of promising publications, to help readers choose.

The survey starts with the important security themes of vulnerabilities, threats, attacks, and risk evaluation. This section concludes by identifying an area that is less explored and of growing interest: attacks on the availability, confidentiality, and privacy of customer data. An important insight presented in the following section is related to cloud availability as a property at the intersection of security, reliability, and performance.

The authors present detailed summaries of 161 research papers in an elegant table. This table is the paper’s key contribution. It is very helpful for selecting publications of interest to dive deeper. The appendices compare existing surveys, white papers, and standards. The final section presents detailed results and a few recommendations for next-generation cloud security and assurance.