Multi-Tenancy Security in IoT-Cloud Systems: Challenges, Mitigations, and Future Directions

The rapid convergence of the Internet of Things (IoT) and cloud computing has intensified reliance on multi-tenancy, a model that enables resource sharing to enhance scalability and reduce costs. However, this shared infrastructure introduces significant security vulnerabilities, particularly at the intersection of IoT's resource-constrained devices and the cloud shared environment. While existing literature has addressed IoT or cloud security separately, a significant research gap exists in analyzing the specific risks of multi-tenancy in these integrated systems. This review synthesizes recent research on mitigation techniques to address security and privacy challenges in multi-tenant IoT-cloud environments. We provide a comprehensive classification of threats, including inter-tenant data leakage, side-channel vulnerabilities, and privilege escalation. Our analysis reveals a persistent security-performance trade-off that limits the widespread adoption of robust defenses in resource-constrained IoT environments. Current mitigation techniques, including access control models and AI-driven detection systems, incur significant computational overhead. This makes them impractical for numerous IoT applications with constrained processing and energy resources. This review analyzes the limitations of existing approaches and identifies key architectural gaps. In this paper, we present a roadmap of emerging solutions to resolve this security-performance trade-off. This work emphasizes the integration of Zero Trust Architectures (ZTA) for continuous verification, adaptive AI for real-time threat detection, blockchain for immutable audit trails, and the adoption of Post-Quantum Cryptography (PQC) as essential strategies to secure the next generation of mul-ti-tenant IoT-cloud infrastructures.