When deadlines loom, you sacrifice security features in order to move the application more quickly into production. This reaction often results in a substandard application. A more proactive solution is to establish a Software as a Service (SaaS)-oriented web application vulnerability mitigation policy that anticipates application trouble spots and contains several pre-configured solutions to repair them.
Crafting any security policy requires planning ahead of time to resolve the issues on how purpose, scope, and background of the policy should be stated: Since data obviously stands more of a chance being exposed in a cloud environment, building a cogent web application security policy is a given. Developers should communicate with the both the cloud service consumer and provider on the issues of how much control a consumer should have, what actions the provider should take and what constraints to the policy are. Most important of all, the consumer should get a copy of the security policy (as well as those copies of the threshold policies) from the provider for review and questions to be resolve before negotiating with the provider.