According to ISO 27001, a threat is a potential event. When a threat turns into an actual event, it may cause an undesirable incident. It is undesirable because the incident may harm an organization or a system, causing a security incident and/or the violation of users’ privacy. Existing attempts to classify threats identi ed in cloud environments are either based on major cloud dependencies (such as the network or the shared memory of VMs) or on the use of various risk assessment tools , like CRAMM and Octave [2,3]. e classi cation method presented in this chapter uses three distinct categories: threats related to the infrastructure, threats related to the service provider, and generic threats. e key objective of the proposed classi cation is to lessen the burden on the cloud administrators in securityrelated issues, by pointing out the major problems that emerge and thus saving them time and money.