Platform-as-a-service (PaaS) is a kind of cloud computing service in which, rather than having to build and maintain their own infrastructure, a client is able to develop, run, and manage applications on a platform that is provided by a third-party provider. The provider hosts both software and hardware, freeing the client from having to install and handle them in-house.
You have many attack vectors.
Firstly, there are the attack vectors that are part of your application and environment, but these will be the same regardless of where you are.
Beyond that you have the following ones:
1) Anybody with access to the PaaS infrastructure, either internal or external.
2) Accidental mistagging of data (think of accidentally setting an S3 bucket as public).
3) The provider monetizing your data (take a look at the troubles currently surrounding Oracle).
4) Large cloud providers are subject to constant attacks because they are well-known addresses.
Private systems are still subject to attacks but not on the same level of intensity or as often by serious hackers.
The best solution for PaaS protection is always native tools from the CSP.
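To make item 2 concrete, here is an added example (not from the original text) of an offline check that decides whether an S3 bucket is publicly reachable from its ACL, its bucket policy and its Public Access Block settings. The function name, the sample bucket and all sample data are constructed for illustration; the inputs are assumed to be the `Grants` structure from GetBucketAcl, the `Policy` string from GetBucketPolicy and the `PublicAccessBlockConfiguration` dict from GetPublicAccessBlock.

```python
import json

# Real S3 predefined group URIs; a grant to either one makes an ACL public.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/" + g for g in ("AllUsers", "AuthenticatedUsers")}

def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def public_findings(acl, policy_json, pab):
    """Return the reasons a bucket is publicly reachable (empty list if none)."""
    findings = []
    # IgnorePublicAcls neutralises existing public grants; BlockPublicAcls
    # alone only rejects new ones, so it does not fix a bucket already exposed.
    if not pab.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS:
                findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    # RestrictPublicBuckets cuts off anonymous access through a public policy.
    if policy_json and not pab.get("RestrictPublicBuckets", False):
        stmts = json.loads(policy_json).get("Statement", [])
        stmts = [stmts] if isinstance(stmts, dict) else stmts
        for s in stmts:
            # Simplification (assumption): any Condition is treated as restricting access.
            if (s.get("Effect") == "Allow" and _wildcard_principal(s.get("Principal"))
                    and not s.get("Condition")):
                findings.append(f"policy statement {s.get('Sid', '<no Sid>')} allows any principal")
    return findings

# Constructed sample inputs (not taken from a real account).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for pab in ({}, {"BlockPublicAcls": True}, {"IgnorePublicAcls": True, "RestrictPublicBuckets": True}):
        print(pab, "->", public_findings(SAMPLE_ACL, SAMPLE_POLICY, pab))
```

The middle case shows why the check looks at `IgnorePublicAcls` rather than `BlockPublicAcls`: a bucket that was already mistagged stays exposed until the existing grant is ignored or removed.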