Abstract


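Cloud computing uses Internet connectivity to deploy and deliver information services through large-scale information platforms, but commercial data in the cloud may become a target of network attacks. Removing enterprises' doubts about the information security of cloud services, and giving them confidence in the information security management of the Internet Data Center (IDC), is therefore an important task when adopting cloud computing. An enterprise that ignores the information risks of cloud services may suffer leaks of private information and serious damage to its reputation. Enterprises therefore need an operational risk analysis method with which to systematically evaluate and select among the solutions proposed by IDCs. Existing risk analysis methods are better suited to risk analysis based on individual threat events against information assets; because cloud computing operations use a distributed service architecture, the interactions among multiple network attack events must be analyzed. The risk model presented here is therefore based on the operational flow of information assets. It applies Fuzzy Petri Net (FPN) theory to analyze the complete threat flow of an operation and estimate the risk of each operation on an asset, bringing the original risk analysis into a dynamic operating environment and, combined with the information security controls of ISO/IEC 27001, systematically analyzing the risk of information assets. Finally, a risk analysis of a cloud computing service platform is given as an example to illustrate the proposed method and to examine the risks in the case that arise from distributed deployment and information updates.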

Parallel Abstract


Cloud computing uses the Internet to deliver information services over open networks by deploying large-scale platforms, where commercial data in the cloud may become a target of network attacks. How to eliminate worries about the information security of cloud services and raise confidence in the information security management of the Internet Data Center (IDC) is a crucial issue in cloud computing. Neglecting to assess the risks of cloud services may lead to disclosure of confidential information and serious damage to business reputation. Thus, when they decide to adopt cloud services, enterprises need to systematically assess the operational risks of the IDC proposals by comparing distinct cloud provider solutions. Available risk models are more suitable for assessing the risk of information assets based on a series of specific threat events. To assess the risks of cloud services effectively, the risk model must be adjusted to analyze the effects of multiple interleaved attacks from the perspective of the asset operation flow. Therefore, a fuzzy risk assessment model is proposed that evaluates the risks of cloud security in a dynamic environment using Fuzzy Petri Net (FPN) and adopting the ISO/IEC 27001 standard. Finally, a case of risk assessment of cloud services in an IDC is given to demonstrate our approach. In the numerical illustrations, our approach effectively ranks the risks of cloud services, especially when they are deployed, and their information updated, in a distributed deployment.

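Cited By


樊鈺承 (2011). Design and Implementation of an Enterprise Decision Support Platform [Master's thesis, Kun Shan University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0025-1502201118200800
張郁琪 (2013). A Study of Enterprise Acceptance of Fourth-Party Logistics BPO Cloud Services [Master's thesis, National Taipei University of Technology]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0006-2307201311032600
董仲瑋 (2014). Exploring Cloud Information Governance from the Perspective of Managers in the Information Services Industry [Master's thesis, National Chung Cheng University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0033-2110201613571359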
