International Journal of Electrical and Computer Engineering (IJECE) Vol. 8, No. 5, October 2018, pp. 3129~3139 ISSN: 2088-8708, DOI: 10.11591/ijece.v8i5.pp3129-3139  3129 Journal homepage: http://iaescore.com/journals/index.php/IJECE Review on Security Aspects for Cloud Architecture Shaz Alam, Mohd Muqeem, Suhel Ahmad Khan Department of Computer Application, Integral University Integral University, India Article Info ABSTRACT Article history: Received Jun 10, 2017 Revised Feb 13, 2018 Accepted Aug 27, 2018 Cloud computing is one of the fastest growing and popular technology in the field of computing. As the concept of cloud computing was introduced in 2006. Since then large number of IT industries join the queue to develop many cloud services and put sensitive information over cloud. In fact cloud computing is no doubt the great innovation in the field of computing but at the same time also poses many challenges. Since a large number of organizations migrate their business to cloud and hence it appears as an attractive target for the malicious attack. The purpose of the paper is to review the available literature for security concerns and highlight a relationship between vulnerabilities, attacks and threats in SaaS model. A mapping is being presented to highlight the impact of vulnerabilities and attacks. Keyword: Cloud computing Security in cloud SPI model Copyright © 2018 Institute of Advanced Engineering and Science. All rights reserved. Corresponding Author: Shaz Alam, Department of Computer Application, Integral University, Kursi Road, Lucknow, India. Email: shaz.alam62@gmail.com 1. INTRODUCTION Cloud computing emerges as the innovation which reduces the management effort for organization and allows them to focus towards their core functionalities. As per the study of Gartner, cloud computing is among the top ten innovations in the field of computing [1]. Cloud computing provides the computing services, information and memory space at a very reasonable cost. This innovation of computing has many advantages such as business innovation, economy of scale, low administrative overhead, low operation and maintenance cost, high quality services etc. over traditional owned private data centers. Thus Cloud computing appear to be one of the best option for a large number of IT organizations. As per one survey 91% organization in Europe and US accept the fact that cost effectiveness is the main reason to migrate the business to cloud [2]. But it is a proven fact that every coin has two faces i.e. it also has challenges. Generalization of cloud computing make more enterprises, person to put a large amount of sensitive information over cloud. Thus the impact of security issues will be large [3, 4]. A survey regarding cloud services made by IDC highlights the fact that the security is one of the biggest threats in the adoption of Cloud as shown in the Figure 1 [5]. Few well known security incidences occurred in past were as in 2009, the PayPal a payment tool encountered a network broken accident as a consequence of which millions of machines could not sold products for an hour on a global scale [6]. In 2011, the packet switched network of Sony was breached by the hacker which resulted in compromise of personal information of 70 million users [7]. In 2013, the window Azure cloud encountered a global failure caused by the exchange of deployment by virtue of manual operation [8]. All these above past incidences are just because of improper assessment of threats vulnerability and their impact over the system. Majority of above mentioned incidents were at application level. SaaS model is more risk prone as compare to PaaS and IaaS due to the existence of inherited risk of these models. This may act as driving