The document discusses cloud security and compliance. It introduces how cloud providers must adhere to security and privacy policies to protect user data. It also addresses the confusion among cloud users regarding what security measures they can expect. The authors developed an ontology describing cloud security controls, threats, and compliance standards. Some standards bodies discussed include CSA, ISO, and NIST. The document then examines specific cloud security controls and their related compliance standards.