Insecure APIs and/or Applications – Cloud service producers exposes a thousands of APIs to the consumers to interact, manage different business operations like provisioning, configuration, information extraction, orchestration, monitoring etc. Hence, these publicly exposed API interfaces likely becomes the first point to an attackers for attacks like data breach. It’s becomes very important to implement the security by design approach while developing and publishing these APIs with keeping security in mind like proper authentication and access control, rate limitation for accessing the APIs with data encryption at application and transport level.Data Breaches – Data breaches may create devaste impact on business value. Losing or completelydecoupling of data without any backups or leaking of encryption keys and PII through insecure API endpoints could leads to competitive and financial implications for the organizations. Authentication, Authorization and Access Control (AAA) should be properly ensured according to security compliance audit standard.Insider Threat -The probable chances to have an attack from inside the organization is most unlikely to happen, but still no one can predict about one particular insider from thousands of employees or any former employee of the company. Employee may use their authentication and access privileges or the data that employee took with them while leaving company to misuse organizations customer details and other sensitive information for financial competitive personal or organizational benefits. Denial of Service Attacks – Unlike other kind of security threats, Denial of Service attacks doesn’t either beneficial for attacker as well for organization. For DoS, Attackers mere intention is not to steal any sensitive information or to breach the perimeter security of the organization but only to disrupt the availability of the services for the legitimate user. The DDoS impact varies depends upon the size, bandwidth and criticality of the cloud services.