Abstract: Cloud computing has revolutionized the provision of IT services via elastic models like Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). These models, though, come with an array of security threats that keep changing with technology. This review analyses and classifies widespread security attacks in the cloud service models—focusing on prevalent attacks like SQL injection in SaaS, unauthorized access in PaaS, and data breach in IaaS. It integrates current defence mechanisms, with a particular emphasis on machine learning methods and cryptographic mechanisms, and stresses the increasing importance of joint security efforts by cloud users and providers. Moreover, the paper summarizes actual cloud-based attack vectors in real life, categorizing them based on severity to facilitate risk prioritization. The assessment also discusses the specific challenges brought about by cloud integration into industrial SCADA systems, detailing their primary vulnerabilities and categorizing related threats into types such as hardware-level, protocol-based, and insider attacks. Lastly, it talks about changing trends and best practices and highlights the move from ad hoc security reactions to formal, risk-defined cloud security strategies.

Keywords: Cloud Security, Cloud Computing, Threats & Vulnerabilities (or "Cloud Threats"), Cloud Service Providers (CSPs), Cloud Deployment Models (SaaS, PaaS, IaaS), Zero Trust Architecture (ZTA)

Downloads: | DOI: 10.17148/IARJSET.2025.12846