hashicorp · jonathanfrappier · Oct 24, 2025 · Oct 25, 2025 · Oct 30, 2025 · Oct 30, 2025
@@ -393,6 +393,39 @@
           }
         ]
       },
+      {
+        "title": "Secure infrastructure",
+        "routes": [
+          {
+            "title": "Identity is the new perimeter",
+            "path": "secure-systems/infrastructure/identity-new-perimeter"
+          },
+          {
+            "title": "Build a culture of security automation",
+            "path": "secure-systems/infrastructure/build-culture-security"
+          },
+          {
+            "title": "Manage network ingress and egress",
+            "path": "secure-systems/infrastructure/manage-network-ingress-egress"
+          },
+          {
+            "title": "Build a zero trust network",
+            "path": "secure-systems/infrastructure/build-zero-trust-network"
+          },
+          {
+            "title": "Secure human access to infrastructure",
+            "path": "secure-systems/infrastructure/secure-access"
+          },
+          {
+            "title": "Prevent lateral movement",
+            "path": "secure-systems/infrastructure/prevent-lateral-movement"
+          },
+          {
+            "title": "Automate security compliance",
+            "path": "secure-systems/infrastructure/automate-security-compliance"
+          }
+        ]
+      },
       {
         "title": "Secure secrets",
         "routes": [
@@ -431,10 +464,6 @@
           }
         ]
       },
-      {
-        "title": "Prevent lateral movement",
-        "path": "secure-systems/prevent-lateral-movement"
-      },
       {
         "title": "Validate software integrity",
         "path": "secure-systems/validate-software-integrity"

@@ -0,0 +1,128 @@
+---
+page_title: Build a culture of security automation
+description: Learn how to build security into your organization's culture.
+---
+
+# Build a culture of security automation
+
+Security is no longer a separate function in modern
+infrastructure. Organizations must incorporate security in all phases of
+infrastructure deployment and software development lifecycles (SDLC).
+
+Waiting for security teams to manually review and approve changes can lead to
+delays, increased risk of human error, and inconsistent security practices.
+Waiting for audits and compliance checks to verify your security program does
+not allow you to proactively respond to emerging threats, leaving your
+organization vulnerable.
+
+When you build a culture of security automation, you integrate security practices and
+tools into your organization's culture, processes, and workflows. When you
+approach security as a necessary part of your organization's culture, you can
+mitigate security risks more effectively and efficiently.
+
+## What is security automation?
+
+Security automation involves using tools and processes to automate security
+tasks, such as scanning for vulnerabilities, managing secrets, applying
+security patches, and monitoring for threats. You can automate these
+tasks as code, instead of performing the tasks manually. By automating tasks
+like policy provision, or scanning for secrets, your security posture improves.
+
+<VideoEmbed url="http://youtube.com/watch?v=eamE18_WrW0"/>
+
+Another important aspect of security automation and building a culture around
+security is understanding that various compliance standards do not inhibit
+innovation. Its can be easy to blame compliance requirements for slowing down
+development and infrastructure innovation. However, when you teach teams that
+security and compliance are enablers of innovation, giving you the necessary
+guardrails to innovate, you can build a culture that embraces security.
+
+You can adopt security as code practices using HashiCorp Terraform to automate
+the deployment of security [policies as
+code](/well-architected-framework/secure-systems/compliance-and-governance/policy-as-code)
+in your infrastructure. You can manage policies for HashiCorp Vault, Boundary,
+and Sentinel, as well as policies for public cloud providers and orchestration
+platforms like Kubernetes, and Nomad.
+
+- **Security policies become testable code** - Teams can unit test, peer review, and version control security configurations just like application code.
+- **Prevents configuration drift** - Automated detection when infrastructure deviates from secure baselines, encouraging teams to maintain security standards.
+- **Enables security guardrails** - HCP Terraform can enforce organization-wide security policies that prevent non-compliant infrastructure deployment.
+- **Democratizes security knowledge** - Security configurations are documented in code, making security requirements visible and understandable to all team members.
+- **Creates security feedback loops** - Failed deployments due to security violations become learning opportunities rather than blame events.
+
+This shifts security from being a "blocker" to being an integral part of how you
+design and deploy infrastructure.
+
+Security teams can help shift security left with HCP Vault Radar. Shifting security
+left means software and IaC developers integrate security tools into their
+development process. HCP Vault Radar [scans for
+secrets](/well-architected-framework/secure-systems/secrets/manage-leaked-secrets)
+in source code during development, or once they commit their code to a version
+control system (VCS) such as GitHub.
+
+- **Continuous education** - Integrating scanning into the software development
+  lifecycle helps developers understand how secrets leak.
+- **Immediate feedback** - Real-time alerts when developers commit secrets help
+  improve secure coding practices.
+- **Integration with development workflows** - Security scanning becomes part of
+  the development process, not a separate security audit.
+- **Cross-team visibility** - Security teams can see patterns and provide
+  targeted training based on actual findings.
+
+When used together, HashiCorp tools help you create a security culture for your
+organization. You can integrate each of these tools into common industry
+workflows such as
+[GitOps](/well-architected-framework/define-and-automate-processes/process-automation/gitops)
+to further automate security practices.
+
+**Developer Experience:**
+
+- Developers get immediate feedback on security issues through their workflows.
+- Security becomes part of the development workflow, not an external gatekeeper.
+- Learning happens in context when teams discover security issues.
+
+**Operations Teams:**
+
+- Infrastructure security through familiar code-based workflows.
+- Security policies enforced and deployed automatically, reducing manual oversight burden.
+- Compliance becomes a byproduct of standard operations rather than a special process.
+
+**Security Teams:**
+
+- Shift from being gatekeepers to being enablers and consultants.
+- Focus on defining policies and standards rather than manual reviews.
+- Gain visibility into security posture across the entire organization.
+
+This creates a culture where security is everyone's responsibility. Security is
+now part of each teams workflows, rather than being an afterthought.
+
+HashiCorp resources:
+
+- [Correlate HCP Vault Radar findings with HCP Vault](/hcp/tutorials/hcp-vault-radar-operations)
+- [Boundary credential brokering with Vault](/boundary/tutorials/credential-management/hcp-vault-cred-brokering-quickstart)
+- [Enforce policies in HCP Terraform using Sentinel](/terraform/tutorials/policy/policy-quickstart)
+
+External resources:
+
+- [NIST cyberssecurity framework](https://www.nist.gov/cyberframework)
+- [Navigating behavioral change in security awareness and culture](https://www.ibm.com/think/insights/security-awareness-culture)
+- [Why Culture Is the First Line of Defense in the Age of Agentic AI](https://www.cio.com/article/4043094/why-culture-is-the-first-line-of-defense-in-the-age-of-agentic-ai.html)
+
+## Next steps
+
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
+- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
+In this section of how to Secure infrastructure, you learned why it is important to
+build a culture where security is integrated into every aspect of your
+organization's operations. Build a culture of security automation is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
@@ -0,0 +1,33 @@
+---
+page_title: Name...
+description: Description...
+---
+
+# 
+
+HashiCorp resources:
+
+- ...
+
+External resources:
+
+- ...
+
+## Next steps
+
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
+In this section of how to Secure infrastructure, you learned why it is important to
+shift to using identity as the new security perimeter. Focusing security
+programs around identity allows you create a more comprehensive security
+strategy. Identity as a security perimeter is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
@@ -0,0 +1,133 @@
+---
+page_title: Identity is the new perimeter
+description: Learn how to build a secure infrastructure to secure modern workloads against threats.
+---
+
+# Identity is the new perimeter
+
+In traditional infrastructure, security focused on securing the network perimeter
+using firewalls, VPNs, and other network security tools.
+
+Securing modern infrastructure requires a new approach to security. While most
+of the security principles and tools are still utilized, how you implement a
+strong security program has changed.
+
+Modern infrastructure encompasses a mix of on-premises, cloud, and
+software-as-a-service (SaaS) workloads. Securing modern infrastructure requires
+a shift in focus to securing access to resources using identities, as the network
+perimeter is no longer a reliable security boundary.
+
+Identity has become the new perimeter for securing modern infrastructure.
+Instead of relying on network security tools to secure access to resources,
+organizations must focus on securing user and machine identities. In addition to
+shifting focus to identities, organizations must also ensure all services:
+
+- Follow the principle of [least
+  privilege](/well-architected-framework/secure-systems/identity-access-management/grant-least-privilege),
+  granting the minimum access necessary to perform their tasks.
+- Use [strong authentication and authorization
+  mechanisms](/well-architected-framework/secure-systems/identity-access-management/implement-strong-sign-in-workflows),
+  including multi-factor authentication (MFA), to access resources.
+- Replace long-lived credentials with [ephemeral, short-lived
+  credentials](/well-architected-framework/secure-systems/identity-access-management/use-dynamic-credentials)
+  to reduce the risk of credential theft.
+- Implement a [data classification
+  scheme](/well-architected-framework/secure-systems/data/classify-data) for all
+  services. 
+- Isolate workloads and resources to limit the effect of potential
+  security breaches.
+- Continuously monitor and audit access to resources to detect and respond to
+  potential threats.
+
+<VideoEmbed url="https://www.youtube.com/watch?v=JrYBni2ojyE"/>
+
+In the secure infrastructure section, you will learn how to adapt your security
+program to support modern infrastructure using identities and automation to
+establish a zero trust architecture.
+
+## Why you should use identity as a security perimeter
+
+Every user, machine, or service has an identity. Leveraging the identities of
+your users through an identity provider (IdP) allows you to manage access to resources
+more effectively. You can also leverage trusted platforms such as your cloud
+provider, or self-managed infrastructure-as-a-service (IaaS) platforms to verify
+a workloads identity.
+
+By adopting identity as the new perimeter, organizations can build a more secure
+infrastructure that is better equipped to handle the challenges of modern
+workloads.
+
+Shifting security focus to identities provides several benefits:
+
+- **Improved security**: By focusing on securing identities, organizations can
+  better protect against threats such as phishing, credential theft, and
+  insider threats.
+- **Greater flexibility**: Identity-based security allows organizations to
+  securely manage access to resources across a mix of on-premises, cloud, and
+  SaaS workloads.
+- **Enhanced user experience**: Identity-based security can provide a more
+  seamless user experience, reducing the need for users to remember multiple
+  passwords or navigate complex network security tools.
+- **Better compliance**: Identity-based security can help organizations meet
+  regulatory requirements by providing better visibility and control over
+  access to sensitive data and resources.
+
+<VideoEmbed url="https://www.youtube.com/watch?v=5uNifnVlBy4"/>
+
+HashiCorp Vault allows you to adopt ephemeral, dynamic credentials - replacing
+long-lived credentials with short-lived ones to reduce the risk of credential
+theft. Vault dynamic credentials support multiple cloud providers like Amazon Web
+Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), as well as
+databases like MySQL, PostgreSQL, and MongoDB.
+
+HashiCorp Boundary provides identity-aware access without requiring
+network-level trust. Instead of opening firewall ports or managing VPN
+connections, Boundary verifies user identity and grants just-in-time access to
+specific resources based on their authenticated identity and assigned
+permissions.
+
+You can further enhance your security posture by integrating Vault and Boundary
+to allow identity based access to target resources without exposing or sharing
+the targets credentials. Users authenticate to Boundary through a trusted
+identity provider, and Boundary retrieves dynamic credentials from Vault to
+access the target resource.
+
+HashiCorp Terraform enables you to manage identity [policies as
+code](/well-architected-framework/secure-systems/compliance-and-governance/policy-as-code),
+ensuring consistent security configurations across all environments and making
+your identity perimeter auditable and version-controlled.
+
+HashiCorp resources:
+
+- [Get started with Boundary](/boundary/tutorials/get-started-hcp)
+- [Get started with Vault](/vault/tutorials/get-started)
+- [Generate dynamic secrets in Vault](/vault/tutorials/db-credentials)
+- [OIDC authentication to Boundary using Okta](/boundary/tutorials/identity-management/oidc-okta)
+- [OIDC authentication to Vault using Okta](/vault/tutorials/auth-methods/vault-oidc-okta)
+- [Connect to Kubernetes using Boundary and Vault](/boundary/tutorials/kubernetes-connect)
+
+External resources:
+
+- [What is identity and access management (IAM)?](https://www.ibm.com/think/topics/identity-access-management)
+- [Zero trust architecture](https://www.nist.gov/publications/zero-trust-architecture)
+- [The real AI risk isn’t AGI — it’s unregulated machine identity](https://www.cio.com/article/4075672/the-real-ai-risk-isnt-agi-its-unregulated-machine-identity.html)
+
+## Next steps
+
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter) **(this document)**
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
+- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
+In this section of how to Secure infrastructure, you learned why it is important to
+shift to using identity as the new security perimeter. Focusing security
+programs around identity allows you create a more comprehensive security
+strategy. Identity as a security perimeter is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).