I've been asked to create application security standards for cloud applications. However, I am at a bit of a loss as to how those standards would differ from existing standards for web applications and general application security.
When I consider cloud native services, such as logic apps, azure functions, or lambda functions, they are very similar to APIs in that we can invoke them via an endpoint.
Our security controls for access to cloud resources don't really fall into "application security" as I see it. Besides, we have other teams and polices for that work.
Do you guys treat cloud application security differently?