These articles may address some of your concerns:

Sinjilawi, Y. K., Al-Nabhan, M. Q., & Abu-Shanab, E. A. (2014). Addressing Security and Privacy Issues in Cloud Computing. Journal of Emerging Technologies in Web Intelligence, 6(2).

Singh, J., Pasquier, T., Bacon, J., Ko, H., & Eyers, D. (2016). Twenty security considerations for cloud-supported Internet of Things. IEEE Internet of Things Journal, 3(3), 269-284.

Elnagdy, S. A., Qiu, M., & Gai, K. (2016, June). Cyber incident classifications using ontology-based knowledge representation for cybersecurity insurance in financial industry. In Cyber Security and Cloud Computing (CSCloud), 2016 IEEE 3rd International Conference on (pp. 301-306). IEEE.

Tang, Z., & Pan, Y. (2016). Big Data Security Management. Big Data: Concepts, Methodologies, Tools, and Applications: Concepts, Methodologies, Tools, and Applications, 247.

I would suggest that the problems faced by any applications running in the cloud are no different to the same applications running in a local data centre.

1. First factor authentication is by means of username/password

2. The password is fixed, and transmitted in clear.

3. There is no second/third factor authentication

4. In most cases, the cloud-based data is unencrypted

5. Even if the cloud-based data is encrypted, the encryption-key management is open to abuse by privileged users, and theft by determined hackers.

My project ("IDaaS with secure data-at-rest") has addressed all of these issues and others. Please feel free to browse it, or see my website for more details.

Sorry, I thought that would make a link. Here it is:

https://www.researchgate.net/project/IDaaS-with-secure-data-at-rest?_sg=c4HHGOTTr4D6xPqRcy-4Du_QJI78_HI-SBzFz_Na3ILfc56jl3uWx-D3GSW_rAwNwnbtJgoY7X_vR3Zy4CYKOdDP-Wnn183WGMm3