  • Degree thesis

An Exploration of the Information Security and Risk Factors Affecting the Intention to Use Cloud Computing Services

Impact of Security and Risk Factors on Intention to Use Cloud-based Services

Advisor: 曹承礎

Abstract


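In recent years the rise of cloud computing has drawn attention across industries and become a focus of discussion. Although cloud computing creates opportunities for industry, it also faces many challenges. A survey by the Institute for Information Industry on the concerns of large Taiwanese enterprises about adopting cloud services shows that “lingering information security problems” accounted for 38.5%, ranking first among the eight major concerns. This shows that enterprises still lack confidence in information security assurance, making it the primary factor affecting users' willingness to use cloud computing services.

The purpose of this study is therefore to identify “which information security and risk factors affect users' intention to adopt or build cloud computing services” and “how these factors affect users”. For the influencing factors, this study adopts the seven major security threats proposed by the Cloud Security Alliance (insecure interfaces and APIs, malicious insiders, issues caused by shared environments, data loss or leakage, account or service hijacking, auditing and evidence gathering, and other unknown risks) and the eight risk factors facing IT investment compiled by Benaroch et al. (2006) (cost, benefit, project, function, organization, competitor, environment, technology), for a total of fifteen hypothesized security threat and risk factors.

This study uses the case study method, taking seven domestic companies and one school as case subjects, assessing their security considerations regarding cloud computing and verifying that these security threats and risk factors affect the intention to adopt cloud services. The results show that six factors (malicious insiders, issues caused by shared environments, data loss or leakage, account or service hijacking, other unknown risks, and function risk) severely affect the intention to adopt cloud computing services; three factors (project risk, environmental risk, and technological risk) have a medium negative effect on adoption intention; and auditing and evidence gathering, insecure interfaces and APIs, cost risk, benefit risk, organizational risk, and competitor risk have a low negative effect on adoption intention. Finally, from an integrated perspective, this study establishes a set of risk-control steps for the cloud computing environment: following the service adoption process, it proposes assessment steps and recommendations for security threats and risks before the contract, during the contract, and after the contract, as a risk-assessment reference for enterprises adopting this new technology.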

Parallel Abstract


Recently, the rise of cloud computing has drawn the attention of every industry. While cloud computing creates opportunities for industry, it also encounters many challenges. According to the Institute for Information Industry's research on the concerns of large companies in Taiwan when considering cloud-based services, “the existence of information systems security problem” accounts for 38.5%, making it the top concern of all. This shows that many corporations have little confidence in the security protection provided by cloud service providers, so the information systems security problem becomes the primary factor affecting users' willingness to adopt cloud-based services.

This study's objective is to find out which security and risk factors affect users' willingness to use or establish cloud-based services and how these factors affect users in their unique contexts. For the influence factors, this study adopts the “Top 7 Threats to Cloud Computing” introduced by the Cloud Security Alliance (insecure interfaces and APIs, malicious insiders, shared technology issues, data loss or leakage, account or service hijacking, auditing and evidence gathering, unknown risk profile) and the 8 risk fields for information technology investment collected by Benaroch et al. (2006) (costs, benefits, project, function, organizational, competition, environmental, technological). Overall, 15 security and risk factors are proposed.

This study uses multiple case studies as its methodology, chooses 7 companies and 1 school as case study subjects, and assesses their security concerns regarding cloud computing. We also justify our selection of factors influencing the willingness to adopt cloud-based services. The results of the analyses show that the malicious insiders, shared technology issues, data loss or leakage, account or service hijacking, unknown risk profile, and function risk factors severely and negatively affect users' willingness, which means their level of effect is high. The negative effect of project risk, environmental risk, and technological risk is medium. The negative effect of auditing and evidence gathering, insecure interfaces and APIs, costs, benefits, organizational risk, and competition risk is relatively low. Last, from an integrated view, this study constructs recommended steps for risk management in the cloud computing environment. Based on the service adoption process, we propose three-stage (before a contract, period of signing a contract, after a contract) security and risk assessment steps and offer some suggestions. We hope the risk assessments provided by this study can be a useful reference for companies that are willing to use this new IT.
