Creating a robust user identity and authentication model in your application logic layer is of course a critical layer of security as well. It can be difficult to write a secure user store from scratch, but with PaaS, you have access to comprehensive Identity and Access Management tools.
You can incorporate reliable, well-tested, and highly maintained identity providers like Salesforce, Live.com, or Google as your identity provider. Additional features like Microsoft's Azure Active Directory allows you to incorporate Multi-Factor Authentication right out of the box for added security. All of these features come at little to no cost and, like the security above, are relatively trivial to implement.
There is no magical silver bullet to make a secure system, nor is there such a thing as 100 percent security. To secure our data and processes as much as possible requires many layers of redundant security. We thwart attacks by forcing malicious actors to deal with them all in turn.
Public PaaSes perform much of that legwork for us, and the things they cannot implement for us, they offer tools and features that make them as turnkey as possible. Having the PaaS provider as your ally in system protection affords us much greater security than we could achieve on our own.
Sign up for CIO Asia eNewsletters.