Security in cloud is a shared responsibility of cloud provider and its user. In a shared responsibility model you need to rethink security on what your responsibility is and what cloud providers responsibilities are as breech of this security can impact to your application and can be largely impact cloud infra as well.
Security in PAAS
In Platform-As-A-Service when you look at PAAS where your building applications and migrating data to the cloud you’re responsible for securing the applications the workload and the data where the cloud provider is responsible for managing the security of the platform, so that it is should be compliance with IT security from the perspective of network and the platform. As in the PAAS you may be the customer who develops the application for a sandbox having limited supported languages and configuration options. The cloud provider offers the computing infrastructure, operating systems, middleware, and preinstalled software packages to facilitate running your applications.
A major security risk is an application breaking out from its sandbox. Containers were not originally designed to be secure against breakout. Programming language sandboxes have been found to be even more fragile
Infrastructure-As-A-Service, is the traditional cloud model where the cloud service provider offers virtual machines, containers or a serve-less computing services also offer databases as a service.
Security of any service run in the cloud depends on the security of the cloud infrastructure as well like, it is not possible to protect a virtual machine or a container or a server-less computing sandbox against a compromised hypervisor. Hence , breaches involving the infrastructure are a major additional security concern beyond those facing traditional servers, however the cloud service provider will generally keep its infrastructure well patched and properly configured, and thus the risk of certain exploitable vulnerabilities is reduced.
Security for SAAS
Software-As-A-Service is most common services are being used now a day hence safety of user data in subscription-based software security is one of the major concern, SaaS providers access, manipulate, and analyze scads of customer data. If you fail to keep that data safe as a SaaS founder, it will have a direct and lasting impact on your user experience.