A B S T R A C TThe cloud computing delivers services of processing data by using parallel and high computational processors virtually and remotely. This is very useful and beneficial to enterprises that have limitations in terms of processing resources, data storages and man power. However, one of the main challenge in cloud computing is data security. Supposed each user has an access to the domain based on the privilege given by the server. However, an attacker always has the opportunity to bypass the privilege by exploring and exploiting every vulnerability and threat found in the cloud computing environment. A systematic approach to identify vulnerabilities and threats is thus very important to ensure only authorized party is allowed to access the data. In this study, several approaches of vulnerability and threat modeling are reviewed and found that none of them is suitable for the cloud computing environment. Therefore, authors presented a dynamic model of identifying vulnerabilities and threats in the cloud computing environment. The proposed model enables the organization to systematically identify vulnerability and threats and analyze the security risk when they use cloud computing services.