The adoption of Microsoft SDL and SAMM in Joyce's case may apply security on top of the framework provided by the cloud service provider. It's always suggested we build security practices based on existing business processes, or to have the security tools integrated to the existing CI or CD framework.
Most cloud service providers provide related cloud security services. In Joyce's case, familiarity with the security services provided by the cloud service provider, as well as how they apply to her e-commerce applications, will help to build a security foundation. In addition, most cloud service providers have been certified with security standards for IaaS and PaaS. This means that Joyce only needs to focus on the data ...