Cloud computing has become an inevitable choice for the digital transformation of enterprises. The emergence and application of cloud computing as information storage and processing technology complicate the reasonableness identification of trade secret confidentiality measures. First, the partial transfer of the management right of trade secret information makes cloud service providers enter the view of identification. Second, the retention of the right of access to the information content of “uploading to the cloud” by cloud service providers may lead to the risk of expanding the scope of confidential information to be known indefinitely. Third, the express exclusion of confidentiality responsibility by cloud service providers constitutes an obstacle to the reasonableness identification of confidentiality measures. The traditional framework and method of reasonableness identification need to be reshaped. Based on the logic of property disclosure of confidentiality measures and the relativity and economic connotation of reasonableness to prevent overprotection, combined with promoting the development of cloud computing industry, following the principle of net neutrality and considering the factors of examining the meaning of the right holder’s confidentiality, behavior of uploading information to the cloud should be divided into information transfer or content disclosure in order to determine the reasonableness of trade secret confidentiality measures in cloud computing environment, and a three-step analysis method should be constructed. The first step is to determine that the type of information “uploading to the cloud” is information transfer or content disclosure based on the subjective and reasonable expectation of the right holder, the environment setting of cloud service products, and the actual information being known. If the behavior of “uploading to the cloud” is judged as information transfer, it means that the right holder has not shared and disclosed confidential information with cloud service providers, and the reasonableness identification directly enters the third step. If the behavior of information “uploading to the cloud” is identified as content disclosure, the reasonableness identification should enter the second step. The second step is the analysis of whether cloud service providers bear the confidentiality obligation, which mainly investigates whether cloud service providers bear the express or implied confidentiality obligation to the right holder. The third step is the analysis of the confidentiality measures taken by the right holder, which mainly focuses on the analysis of the enterprise type and industrial characteristics of the right holder, whether the trade secret information is defined and managed differently, whether appropriate confidentiality measures are taken according to the characteristics and value of trade secret information, and whether systematic risk assessment and prevention and control measures are taken.