
Risk Assessment of Cloud Services Project for Enterprises

Abstract


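Cloud computing brings business opportunities to the information technology industry, but it also brings major challenges. Customers are willing to adopt cloud services only if the security of their information is ensured. Recent advanced persistent threat (APT) network attacks have created a psychological barrier for customers toward adopting cloud services. To address the potential risks faced when adopting cloud services, this study proposes a risk assessment method that draws on the cloud service information security frameworks proposed by the Cloud Security Alliance (CSA) and the European Network and Information Security Agency (ENISA) to determine the risk items of adopting cloud services, and uses the fuzzy analytic hierarchy process (FAHP) to rationally evaluate and analyze the priority order of those risk items. The proposed method and case analysis help enterprises understand the risk items involved in migrating applications to cloud services and the priority order for controlling them, so that they can decide how to allocate information security resources and reduce the potential impact after the system is adopted.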

Parallel Abstract


Cloud computing presents the IT industry not only with exciting opportunities, but also with significant challenges, since consumers are reluctant to adopt cloud computing solutions in the absence of firm guarantees regarding the security of their information. Network attacks such as APT attacks now present a serious obstacle to consumer acceptance of cloud service projects. Accordingly, the present study proposes a project risk assessment scheme and constructs a risk evaluation matrix based on the security framework followed by both the Cloud Security Alliance (CSA) and the European Network and Information Security Agency (ENISA). In addition, the risk priorities of attributes are rationally evaluated by the fuzzy analytic hierarchy process (FAHP) method in the risk assessment process. Overall, the results confirm that the proposed method provides an effective means of recognizing the risk attributes and their risk priorities, deciding the allocation of the risk budget, and reducing the impact of potential risk for enterprises.


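Cited by


周宗麟 (2015). Prevention mechanisms for information security incidents involving the leakage of enterprise trade secrets: a case study of Company N's EIM adoption [Master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2015.00521
黃亷鈞 (2013). Establishing risk assessment criteria for the armed forces' information security management system using Fuzzy AHP [Master's thesis, National Chung Cheng University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0033-2110201613570176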