A　key　problem　with　much　of　the　literature　on　cloud　services　evaluation　is　that　it　fails　to　consider　the　context　and　the　dependencies　between　the　evaluation　criteria　spanning　different　services　and　the　various,　and　often　conflicting,　customers＇　requirements.　Different　aspects　are　important　for　different　applications,　and　the　choice　of　evaluation　criteria　needs　to　reflect　this.　This　paper　proposes　a　method　for　selecting　the　core　security　evaluation　criteria　based　on　the　cause-effect　relationships　between　the　services,　threats,　vulnerabilities,　and　security　controls　using　multiple　evaluation　factors　including　the　importance,　likelihood,　and　impact.　The　Analytic　Network　Process　(ANP)　is　used　to　estimate　the　direct　influence　between　the　attributes,　and　the　Decision　Making　Trial　and　Evaluation　Laboratory　(DEMATEL)　is　used　to　obtain　the　total　influences　(direct　and　indirect)　between　those　attributes.　The　goal　is　not　to　blindly　use　all　the　criteria　that　exist　in　the　literature,　but　instead　to　identify　those　that　are　most　relevant　to　the　context　of　the　evaluation　considering　the　characteristics　of　cloud　service　models,　deployment　models,　and　the　overall　evaluation　context.　This　allows　to　focus　on　the　situation　and　eliminate　unnecessary　tasks.