A unified framework for cloud security transparency and audit
Journal of Information Security and Applications (IF 5.6), Pub Date: 2020-08-20, DOI: 10.1016/j.jisa.2020.102594
Umar Mukhtar Ismail, Shareeful Islam

The paradigm of cloud computing has elevated IT to new heights by offering the elasticity to match customer needs, while also reducing capital expenditure on procuring IT infrastructure. Despite the apparent benefits provided by cloud computing, organisations are slow in embracing the technology due to numerous issues that are associated with the lack of security transparency, such as trust and accountability. Several contributions have been proposed to address these issues. However, most of the contributions have not provided a definite method by which security transparency can be achieved based on user requirements, and particularly, by probing or auditing cloud service providers. In this paper, we propose a framework for addressing a pressing challenge of cloud security transparency. Our approach includes a process and a supporting auditing tool for vetting cloud service providers and enabling security transparency based on predefined user requirements. The paper builds on our previous work on a security transparency framework by incorporating an implementation process. In addition, we have developed a Security Transparency and Audit Tool through which users can collect and analyze evidence from cloud service providers for determining conformity to requirements, as well as for the specification of remedial actions. The tool is designed to be a supplementary component of the proposed framework that enables continuous probing and vetting of whether the cloud provider meets user requirements, thereby enhancing security transparency. The work is novel in its approach because it consolidates various elements to provide a simplified method for organizations to attain security transparency. We also believe that the contributions are significant towards solving the issues and challenges of cloud security transparency in general.




Updated: 2020-08-20