SOA and cloud computing have brought new opportunities for the long expected agility, reuse and the adaptive capability of IT to the ever changing business requirements and environments. But due to the immature nature of the rapidly evolving technologies, especially in the areas of security, service or information integrity, privacy, quality of service and their possible detrimental consequences, many enterprises have been hesitating to make the shift. This paper adopts the concept of insurance and establishes a framework and the supporting reference model for cloud computing. We utilize the value-at-risk (VAR) approach to establish several appropriate mechanisms, and use a set of measurable metrics. Those quantitative or qualitative metrics can be applied as the basis for the business value and risk assessment, and eventually for insurance premium and compensation calculation for the failures of the services offered in Cloud environment. This model can also establish a potential new innovative market branch for the insurance industry. © 2010 IEEE.