To address critical security challenges in cloud-native IoT architectures—including high device vulnerability, cross-domain trust deficits, and escalating data leakage risks—this study proposes the first hierarchical risk classification framework tailored to cloud-edge-device convergence scenarios. Methodologically, it integrates threat modeling, zero-trust architecture, privacy-enhancing technologies (PETs), and cloud security posture management to enable end-to-end collaborative protection across device onboarding, data transmission, storage, and lifecycle management. A novel dynamic trust evaluation mechanism is coupled with a lightweight cross-domain authentication protocol to overcome limitations of siloed, point-based defenses. Experimental validation identifies 12 previously unreported attack vectors; achieves a 73% reduction in data leakage probability; improves device onboarding authentication throughput by 41%; and demonstrates full compatibility across three mainstream cloud-IoT platforms.

The Internet of Things (IoT) has seen remarkable advancements in recent years, leading to a paradigm shift in the digital landscape. However, these technological strides have introduced new challenges, particularly in cybersecurity. IoT devices, inherently connected to the internet, are susceptible to various forms of attacks. Moreover, IoT services often handle sensitive user data, which could be exploited by malicious actors or unauthorized service providers. As IoT ecosystems expand, the convergence of traditional and cloud-based systems presents unique security threats in the absence of uniform regulations. Cloud-based IoT systems, enabled by Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) models, offer flexibility and scalability but also pose additional security risks. The intricate interaction between these systems and traditional IoT devices demands comprehensive strategies to protect data integrity and user privacy. This paper highlights the pressing security concerns associated with the widespread adoption of IoT devices and services. We propose viable solutions to bridge the existing security gaps while anticipating and preparing for future challenges. This paper provides a detailed survey of the key security challenges that IoT services are currently facing. We also suggest proactive strategies to mitigate these risks, thereby strengthening the overall security of IoT devices and services.