Since the introduction of cloud computing as a standard solution for data storage and software hosting, new security measures have been developed, and data laws and compliance regulations have become more stringent. In this thesis, the exploration of compliance and regulatory documents, interviews of industry professionals, and thematic analysis of interview data  uncover some industry-preferred implementation practices that will help to ensure compliance and cloud security for applications and data storage on the cloud. Industry professionals' opinions are put into context and compared to compliance regulations.

Key findings include a list of implementation practices through thematic analysis of interview data put into themes. These include encryption, security controls, life-cycle management, and audits. The findings' importance is a list of practices or actions that any developer can proactively adapt for the cloud and know that it is a viable implementation to remain secure. The limitations and scope is related to cloud systems and software engineering, and the list extracted from the interview data is not an all-encompassing solution for cloud security.  Furthermore, the raw interview data will assist future research into this topic.