Cloud services are moving further up the stack (from traditional Infrastructure-as-a-Service) and providing more tools to help build and assess the security of code deployed by customers. These services help identify deviations from security best practices in applications, before and during deployments. They can be integrated into your DevOps process to automate assessment reporting as you are moving through the deployment pipeline. AWS Inspector, Azure Security Center Qualys cloud agents, and Cloud Security Scanner provide some or all of the features noted previously.

Moving further up the stack, cloud services are also providing users  with the ability to natively discover, classify, and protect sensitive data stored in cloud environments. These services utilize machine learning to perform these classifications on a large scale, without the need for human supervision. By continuously monitoring the cloud environment, administrators can be confident that business critical data (such as PII, PHI, API keys, and secret keys) are automatically detected and proper action is taken based on notifications. AWS's Macie, Azure Information Protection, and the Google Cloud Data Loss Prevention API allow users to discover and redact sensitive data within the environment.