A Comprehensive Survey on Security Threats and Challenges in Cloud Computing Models (SaaS, PaaS and IaaS)

Abstract

Cloud computing has fundamentally transformed data access, storage, and processing for individuals and businesses alike, offering unparalleled scalability, flexibility, and cost-effectiveness through Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) models. However, as with any revolutionary paradigm shift, cloud computing is not without its challenges and concerns, cybersecurity being chief among them. This research article examines security challenges and attacks in each cloud computing model, with SaaS SQL injection and deceitful QR code attacks highlighted, PaaS facing vulnerabilities like unauthorized access addressed through the Multi-Perspective PaaS Security Model, and IaaS confronting issues such as data breaches by emphasizing shared responsibility. To address these challenges and concerns, this study proposes and explores potential solutions, such as integrating machine learning and encryption techniques to mitigate vulnerabilities and enhance the security posture of cloud platforms. By discussing relevant literature and conducting comparative analysis of existing works, this study also identifies research gaps and trends that need to be addressed in the future, including emerging threats and standardization of cloud security measures that would contribute to the establishment of industry-wide standards and effective countermeasures in cloud computing. The findings of this study underscore the critical importance of collaborative efforts between users and Cloud Service Providers (CSPs) in addressing cybersecurity concerns, as well as the need to enhance user awareness and adopt robust longitudinal studies to mitigate future security risks. Ultimately, this research aims to provide a comprehensive understanding of evolving security landscapes in cloud computing, and contribute to the establishment of industry-wide standards and effective countermeasures in cloud computing.