Despite its technological advances, cloud computing's adoption is not as wide as expected. Security is still a big concern that prevents many to "cloudify" their applications and put their data in the hands of a cloud provider. Also, interoperable scenarios fostered by SOA technologies exacerbate the security question, as customers have to deal with multiple providers who, in their turn, must establish mutual trust relationships in order to interoperate. In the last few years, policies are being used as a means to build networks of trustiness among cloud providers. Standards and specifications on security management through policies have also appeared. We argue that the main problem with this approach is that policies are expressed through syntactic languages which, if processed by computers, show well-known limitations. We then propose an approach that leverages on the semantic technologies to enrich security policies with semantic contents enabling machine reasoning. The framework we developed caters for the security needs of both customers and providers, and aims at making a smart match between what is requested and what is offered in terms of security. On the customer side, no extra effort is required other than specifying their security policies according to well-established security notations; an automatic procedure is charged of adding semantic content to the policies.