X.1601 is an ITU Telecommunication Standardization Sector (ITU-T) family standard that addresses the design security framework for cloud computing. The standard analyses the security threats and challenges in cloud computing, and provides recommendations to mitigate security risks. From these analysis and recommendations, a cloud computing customer should be able to do a risk assessment of adopting cloud computing. Major threats analysed in the standard for cloud customers are: data loss and leakage, insecure service access, and insider threats. The main security challenges for customers are: ambiguity in responsibility due to legal requirements, loss of governance and privacy by outsourcing services to cloud providers, and cloud service provider lock-in. Finally the standard ITU-T X1600 identifies recommendations to address security threats and challenges.