Policy compliance

Cloud services should comply with the standards that matter to their customers. A typical example for data protection in the cloud is the GDPR (General Data Protection Regulation). It requires systems to adhere to specific data protection and privacy principles for operations within a European Union (EU) member state.

As a result, the security teams for cloud service providers operating in the EU must ensure that their services are GDPR compliant to prevent legal issues.

Infrastructure and application security

Providers secure their operating system and physical infrastructure in the cloud, while PaaS customers secure their applications and data.

However, when building a cloud application that will be hosted on this infrastructure, some best practices take us steps closer to meeting our application's security objectives, including:

Threat modeling

This engineering process allows us to identify possible threats, vulnerabilities, and attacks against our application. If there are design flaws that attackers can take advantage of, the team learns about them during this process. Incorporating threat modeling into the engineering process allows teams to enhance security and mitigate identified threats.
