Since the term first coined in 1999, the Internet of Things (IoT) has gained significant momentum in connecting physical objects to the Internet and facilitating machine-to-human and machine-to-machine communications. By offering the capability to connect and integrate both digital and physical entities, IoT becomes an important paradigm that enables a whole new class of applications and services. Security is one of the most challenging issues that need to be addressed before these IoT applications and services can be fully embraced. In this survey, we investigate the major research efforts over the period of 2013-2019 that address IoT security and privacy issues. We provide extensive discussions on securing cloud-based IoT solutions. The main focus of these discussions is on securing the information in transit between IoT devices and IoT applications, where most of the data processing and modelling tasks take place. These discussions include all security aspects and challenges facing the data in transit. Specifically, a number of common attacks that target IoT solutions are first discussed, while presenting the main challenges of IoT security (e.g., the resource limitation of IoT devices, which hinder the ability of such devices to do expensive computations for securing the data). Then we present the main security requirements needed by IoT systems, which include access control, integrity, and authentication. We review recent research work in providing security and privacy services, which delegate the expensive computations to an edge or cloud, to cope with the low computations restrictions in IoT devices. Open research issues and possible research directions in securing cloud-based IoT systems are discussed, while proposing some possible solutions.