International Journal of Science, Engineering and TechnologyAuthors: Aryvik Patil
Abstract: The convergence of the Internet of Things (IoT) and Cloud Computing has revolutionized data-driven industries, yet it has simultaneously introduced an expansive and complex attack surface. This review article provides a comprehensive analysis of the security and privacy landscape within Cloud-IoT systems from a risk management perspective. We categorize vulnerabilities across a multi-layered taxonomy, spanning the physical perception layer, the communication network layer, and the virtualized cloud layer. By examining the inherent conflict between the resource constraints of IoT devices and the high overhead requirements of traditional cloud security, this article highlights the necessity of shifting toward a decentralized, risk-based defense strategy. We evaluate the efficacy of current risk management frameworks, such as STRIDE and ISO/IEC 27001, in identifying and mitigating threats unique to cyber-physical systems. Furthermore, the review explores advanced technical solutions, including lightweight cryptography, edge-based anomaly detection using machine learning, and the application of blockchain for decentralized identity management. Through various case studies in smart healthcare and industrial automation, we demonstrate how risk priorities shift across different vertical applications. The article concludes by identifying future research directions, such as post-quantum cryptography and autonomous self-healing security agents, emphasizing that the long-term viability of Cloud-IoT ecosystems depends on the integration of security-by-design principles and a continuous lifecycle of risk assessment.
DOI: https://doi.org/10.5281/zenodo.18221767
