Abstract: How should the organization can be done to decide what security measures one should have to apply to protect its data and computations, which have different security requirements from a Cloud Service Provider (CSP) with an unspecified or undetermined level of corruption? The answer to this question can be found on the organization’s perception about the CSP’s reliability and the trustworthiness and the security requirements of its data of an organization. This paper proposes a decentralized, dynamic and evolving policy-based security framework that helps any of an organization to derive such perceptions to provide the proper authority from knowledgeable and trusted employee responsibilities and their functionality are based on that, the choice of the most relevant security policy postulating the confidential measures is very much necessary for outsourcing data and computations to the cloud.

Keywords: Cloud computing, cloud storage, cloud services, Cloud security policy.