IT admins and security teams have always played their parts in keeping systems secure—though often in relative isolation of each other. Security teams are usually IT admins and security teams have always played their parts in keeping systems secure—though often in relative isolation of each other. Security teams are usually comprised of policy and audit groups, threat hunters, and incident response teams. Meanwhile, the operational burden of security and compliance frequently falls on IT admins who are not necessarily security oriented. As more applications and workloads become cloud-native, organizations need a new approach that facilitates cohesion between both teams. This whitepaper covers the key constructs to enable both security and IT teams to proactively reduce the attack surface, harden assets, simplify operations, and share the workload of workload security.