Abstract
Cloud applications have transformed the data into various stored, processed, and accessed forms. However, they remain vulnerable to cyber threats, including unauthorized access and security breaches. Traditional login methods, such as passwords, often fail to provide strong protection against attacks like credential theft, brute force attempts, and session hijacking. This paper introduces a Two-Stage Authentication and Authorization Protocol (TS-AAP) to improve security. The first stage uses multi-factor authentication (MFA), requiring users to verify their identity with a combination of credentials, such as passwords, one-time passwords (OTPs), or biometric authentication. The second stage applies role-based access control (RBAC) and behaviour analysis to ensure that only authorized users can access specific cloud resources. This approach follows predefined security policies and continuously monitors user activity in real-time. By combining these two layers of security, TS-AAP effectively prevents unauthorized access, reduces identity spoofing risks, and strengthens data protection in cloud applications. Experimental results show that the system improves authentication accuracy to 98.2%, lowers unauthorized access attempts by 90%, and reduces authentication time to just 1.8 seconds. These findings confirm that TS-AAP is a reliable and efficient solution for enhancing cloud security and protecting sensitive data from modern cyber threats.