Chapter 15, “Governing the Cloud,” examines the process of governing cloud operations to confirm that applications work correctly and without potential malicious modification by an external source. A web service is program code that resides on a server that may belong to the company whose programs use the service, or the web service may reside on a server owned by a third party. Before a developer uses a web service within an application, the IT staff should ensure that the web service implementation and deployment satisfy their policies and procedures. They may include requirements such as these:
The solution must be developed and deployed by a reputable company.
The solution cannot be dynamically changed or updated without the company’s notification and approval.
The solution must provide secure communications to avoid threats such as a man-in-the-middle attack.
The solution must be scalable to meet potential demand.
It must be possible to validate the web service results as correct.