这是因为在这个框架内的某些威胁被归类为中间人的攻击。这还包括网络钓鱼、嗅探、窃听和其他类似方式的攻击。分布式拒绝服务(DDOS)是最常见的攻击之一，但它是主要的云计算基础设施攻击。这种众所周知的攻击可能会给云计算带来潜在的问题，因为将其缓解作为一种选择是没有例外的(Pasupuleti et al.， 2016)。虚拟机的安全性在很大程度上决定了云环境的安全性和完整性。认证、会计和加密都是安全计算实践的一部分，它们可以包含在云计算安全的关注点中。然而，重要的是要在这方面区分安全和危险的关切。例如，供应商的锁定可以被视为基于云的服务中可能存在的风险因素，而这些服务不一定与安全方面相关(Subashini和Kavitha, 2011)。另一方面，特定操作系统类型的使用可能会对本质上被视为安全风险的安全性造成威胁，这种操作系统可以是开源的，也可以是专有的。
This is because certain threats within this framework are classified as attacks by man in the middle. This further includes phishing, sniffing, eavesdropping and other attacks of similar manner. Distributed denial of service known as DDOS is one of the most common attack but it is major cloud computing infrastructure attack. This well-known attack can cause potential issues for the cloud computing as there are no exceptions for its mitigation being considered as an option (Pasupuleti et al., 2016). The virtual machine’s security defines the level of security and integrity of the environment of cloud to a great extent. Authentication, accounting and encryption all are part of the safe computing practice, they can be included within the concerns for cloud computing security. However, it is of high importance that the concerns of security and risks are distinguished to this respect. For an instance, lock-in of vendor can be regarded as possible risk factor within the services based on cloud that does not have to be associated to the aspects of security necessarily (Subashini and Kavitha, 2011). On the other hand, usage of particular operating system type can pose threat to the security that is essentially considered as security risk, such operating systems can be open source vs. proprietary.
According to Mark (2009), other instances of organizational risk within cloud computing can be regarded as unavailability of service, licensing issues, business discontinuity of the provider which does not lie within the concerns of security from the technical standpoint. As per Mariam (2010), therefore, the concern of security will always be considered as a risk of some manner while any risk is not associated with the concern of security. Responsibilities allocation amid the involved parties within the infrastructure of cloud computing may lead to facing inconsistency that may result in eventual instance of vulnerabilities within security. Similar to scenario of any other network, the insider-attack provision remains a threat of valid nature within the cloud computing (Rittinghouse and Ransome 2016). Any tools of security or software utilized within the environment of cloud may have loopholes in terms of security that will pose security risks to the infrastructure of the cloud computing itself. The issue with the APIs of third party along with the spammers are the cloud computing environmental threat.