The acceptance of the cloud as an infrastructure to host applications is a growing trend. Facilitating and hosting applications on the cloud reduces support and maintenance costs. However, concerns about the security of these applications is one of the primary reasons organizations avoid complete adoption of cloud services. Although cloud service providers (CSPs) offer standard security, they don’t address security with respect to application’s security requirements. This article proposes an offline risk-assessment framework to evaluate the security offered by a CSP from the perspective of an application to be migrated to it. Once the most secure CSP is identified for a given application, the proposed framework performs a cost-benefit tradeoff analysis in terms of the security dispensed and service costs to support the formation of an ideal cloud migration plan.