Cloud Computing paradigm needs a standard for portability, and automated deployment and management of cloud services, to eliminate vendor lock-in and minimization of management efforts respectively. Topology and Orchestration Specification for Cloud Applications (TOSCA) language provides such standard by employing semantics for representation of components and business processes of a cloud application. Advancements in the fields of Cloud Computing and Internet of Things (IoT) has opened new research areas to support 4th industrial revolution (Industry 4.0), which in turn has resulted in the emergence of smart services. One application of smart services is predictive maintenance, which enables the anticipation of future devicesí states by implementing functions, for example, analytics algorithms, and collecting huge amounts of data from sensors. Considering performance demands and runtime constraints, either the data can be shipped to the function site, called data shipping or the functionality is provisioned closely to the data site, called function shipping. However, since this data can contain confidential information, it has to be assured that access to the data is strictly controlled. Although TOSCA already enables defining policies in general, a concrete data security policy approach is missing. Moreover, constituents of TOSCA are packaged in a self-contained and portable archive, called Cloud Service Archive (CSAR), which is also required to be secured and restricted to authorized personals only. Taking the above facts into account, the goal of this thesis is to refine and enhance the TOSCA standard to the field of smart services in production environments through the usage of policies, for example, being effectively able to define the security aspects. In this thesis, various available policy languages with frameworks supporting them are researched, and their applicability for the field of Industry 4.0 is analyzed. An approach is formulated with one language selected, to define policies for TOSCA compliant cloud applications. Furthermore, a prototype is developed to secure the content of CSAR using the proposed approach.