Security ensures an application does not disclose information incorrectly or provide functionality outside of intended use. Security includes both malicious and accidental actions. With cloud applications and increasing use of a wide range of identity providers, restricting access to only approved users is often challenging.

End-user authentication and authorization requires design and planning as fewer applications run in isolation, and it is common for multiple identity providers, such as Facebook, Google, and Microsoft, to be used. In some instances, patterns are used to provide access directly to resources for improved performance and scalability. Furthermore, other patterns are concerned with creating a virtual wall between clients and applications.