Abstract
The confluence of the Internet of Things (IoT) and cloud computing heralds a paradigm shift in data-driven applications, promising unprecedented insights and automation across critical sectors like healthcare, smart cities, and industrial automation. However, this transformative synergy introduces a complex tapestry of security vulnerabilities stemming from the intrinsic resource limitations of IoT devices and the inherent complexities of cloud infrastructures. This survey delves into the escalating threats—from conventional data breaches and Application programming interface (API) exploits to emerging vectors such as adversarial artificial intelligence (AI), quantum-resistant attacks, and sophisticated insider threats—that imperil the integrity and resilience of IoT–cloud ecosystems. We critically evaluated existing security paradigms, including encryption, access control, and service-level agreements, juxtaposed with cutting-edge approaches like AI-driven anomaly detection, blockchain-secured frameworks, and lightweight cryptographic solutions. By systematically mapping the landscape of security challenges and mitigation strategies, this work identified the following critical research imperatives: the development of standardized, end-to-end security architectures, the integration of post-quantum cryptography for resource-constrained IoT devices, and the fortification of resource isolation in multi-tenant cloud environments. A comprehensive comparative analysis of prior research, coupled with an in-depth case study on IoT–cloud security within the healthcare domain, illuminates the practical challenges and innovative solutions crucial for real-world deployment. Ultimately, this survey advocates for the development of scalable, adaptive security frameworks that leverage the synergistic power of AI and blockchain, ensuring the secure and efficient evolution of IoT–cloud ecosystems in the face of evolving cyber threats.