Organizations that migrate to cloud environments often assume that the cloud provider handles security tasks. This is partially true, but the cloud consumer still has a vital role to play, especially if a cloud environment is used for developing or hosting applications. Often, security focuses only on the controls associated with identity and access management (IAM), networking, and infrastructure components. But if the application software running on these components is insecure, then the organization's data is also insecure. This chapter will discuss the processes needed to secure the software through the application development lifecycle.

Advocate Training and Awareness for Application Security