A cloud storage assurance architecture (CSAA) for providing integrity, privacy and availability assurances regarding any cloud storage service is presented. CSAA is motivated by the fact that the complexity of components (software / hardware and personnel) that compose such a service, and lack of transparency regarding policies followed by the service makes conventional security mechanisms insufficient to provide convincing assurances to users. As it is impractical to rule out hidden undesired functionality in every component of the service, CSAA bootstraps all desired assurances from simple transformation procedures executed inside a low complexity trustworthy module; no component of the cloud storage service is trusted.