From a cloud services user's perspective, some that I could think of are:

1. Resources managed by the cloud service provider

- improper redundancy planning

- presence of single points of failures

- slow response due to failures or congestion

- Non availability of critical resources when required

- Legacy software porting and execution

- Data security/pilferage

- Unplanned maintenance outages

- No cloud burst planning

- insufficient communication bandwidth

-security of resources

-abuse by miscreants

-responsibility of backups

2. Resources managed by telecom service provider

- Link failures

- Node failures

- Congestion in non-dedicated bandwidth

- Locked in protocols

- Non-availability of choice of protocols to users

- Availability of APIs to the third party

3. Resources managed by ISP

- All threats of intrusion, virus attacks, identity thefts, network flooding, DOS attacks, traffic re-routing/hijacking etc.

* Security : Businesses and individual must trust a third-party provider to maintain adequate security practices. This means that even when secure connections are established, cloud customers do not know if the service provider’s servers and software are adequately hardened. Also, staffers working for a service provider can be exposed to proprietary and confidential information during the course of business.

* Service Disruptions: Even if a service provider compensates customers for outages, most customers would prefer to have their servers and services up and running all the time. Also, as was the case of the Amazon outage, existing data can be lost if redundant storage systems fail.

* Cloud Use and Common Platform Attacks :This category of threat includes illegal use of a cloud provider’s infrastructure to launch attacks or conduct illegal activity on the Internet. For instance, the cloud might be used to attack or abuse other users within the same cloud infrastructure by leveraging common address spaces, common networks or hardware to assist in the attack.

* Service outages: can cost incalculable harm to a business. Every time a potential customer visits a website that doesn’t work, that person goes back to his or her search engine results and tries the next company. That customer might never re-visit that first site again.

* Abuse and Nefarious Use of Cloud Computing : The Alliance noted some Infrastructure-as-a-Service (IaaS) providers do not have strong controls on who may sign up for their services and often offer free limited trials

* Insecure Interfaces and APIs : Cloud computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Reliance on a weak set of interfaces can expose an organization to a variety of security issues related to confidentiality, availability, and password integrity.

* Malicious Insiders : Malicious insiders are dangerous both inside organizations and with cloud providers

* Shared Technology Issues : Cloud vendors deliver their services in a scalable way by sharing infrastructure. Virtualization hypervisors provide a means of creating virtual machines or operating systems, but hypervisors have exhibited flaws. The flaws have allowed, for example, a user to gain inappropriate levels of control over the underlying platform, thus impacting other customers on the shared platform.

* Data Loss, Data lock-in or Leakage : The threat of data compromise increases in the cloud due a number of underlying risks and challenges. Examples include insufficient authentication, authorization or audit controls, operational failures, and data center reliability.

* Lack of sufficient standards :It follows from the previous point that fragmentation, high stakes and huge rivalry are preventing the evolution of proper standards in handling data and applications.

* Account or Service Hijacking : Attack methods such as phishing, fraud, and exploitation of software vulnerabilities present a risk for account hijacking. With cloud services, if an attacker gains access to credentials, they can eavesdrop on activities, transactions, and manipulate and falsify data.

* Insecure Cloud Application Programming Interface Access : This category of threat includes the relative insecurity of cloud application programming interface (API) frameworks. The insecurity could also be in the operations that might be performed programmatically to manage cloud-based systems. Often the security controls, authentication and authorization mechanisms provided, lack the ability to prevent authentication bypass attacks and API hacks.

* Unknown Risk Profile : One of the tenets of cloud computing is a reduction in hardware and software ownership and the associated maintenance.

*Service Outages : Some of the most common outages that may occur are: data backup, down times, and data centers going offline. The good thing is that cloud outages can be predicted.

*Lack of information : Although it may not look like a threat, lack of information regarding where the data center is stored, or what levels of security a data center has, may influence in a negative way cloud computing.

* Confusion with Terminology: Though the term has gotten buzzy in the tech world, many Americans still don't quite understand the term or its implications for the way they use technology.

*Virtualised Environments :Virtualised environments can combine the resources of many physical services into a large virtualised pool used by cloud customers to build their servers, mount their platforms and run their software. When businesses use virtual private servers, their servers could reside in a resource pool shared by other VPS customers of the same service provider.

* Shared Infrastructure :This category of thread is due to the sharing the cloud provider’s infrastructures across hundreds of customers though the cloud computing was never designed to operate in such a massive multitenant mode.

* Users.: When using cloud services, your users' activities such as clicking links in e-mail messages, Instant Messaging, visiting fake web sites, etc. can download malware to a local workstation. Once installed, the malware can launch attacks against your internal network.

* Browsers: Several years ago, hackers used to attack software operating systems. More recently, hackers have shifted their attacks to target user browsers. By exploiting browser vulnerabilities, hackers have access to the same applications and data that your users access.

* Account Hijacking :Phishing, pharming and email-based attacks designed to direct users to a fraudulent website with the goal of stealing their user names and passwords are a constant threat. Once the users’ credentials are obtained, the attacker can access customer accounts, change data and misdirect customers to other fraudulent sites. A company’s cloud-based infrastructure could actually be used as a staging ground for new attacks — all executed

under the company identity.

* Highly fragmented market :In most areas of computing, it is a winner-take-all market. Whether it is Facebook or Google search, or Windows or iPhone, most markets in our world face either a monopoly or a duopoly. While such markets pose their own threats (lack of options/high pricing power with providers), cloud computing belongs to the other end of the spectrum. It is heavily fragmented, with new players entering the game every day.

here is a report from Cloud security aliance which might be usefull https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf