Cloud computing provides enormous business opportunities, but at the same time is a complex
and challenging paradigm. The major concerns for users adopting the cloud are the loss of
control over their data and the lack of transparency. Providing accountability to cloud systems
could foster trust in the cloud and contribute toward its adoption. Assessing how accountable
a cloud provider is becomes then a key issue, not only for demonstrating accountability,
but to build it. To this end, we need techniques to measure the factors that influence on
accountability. In this paper, we provide a methodology to elicit metrics for accountability
in the cloud, which consists of three different stages. Since the nature of accountability attributes
is very abstract and complex, in the first stage we perform a conceptual analysis
of the accountability attributes in order to decompose them into concrete practices and mechanisms.
Then, we analyze relevant control frameworks designed to guide the implementation
of security and privacy mechanisms, and use them to identify measurable factors, related
to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors
are derived. We also provide some strategies that we consider relevant for the empirical
validation of the elicited accountability metrics