Intel IT’s multi-cloud strategy focuses on abstracting the application stack from the infrastructure to enable anything-as-a-service (XaaS) capabilities. This approach helps to accelerate innovation and allow application developers to focus on writing code, not rounding up compute, storage, and network resources, while IT handles workload placement. However, information security is still paramount... in our continual quest to drive business agility. We have found the following key steps enable us to maintain a high level of security while supporting our multi-cloud strategy: Approach security holistically and understand that not all clouds are the same; utilize existing investments and new technologies to drive security operational excellence and key performance indicators; establish distributed accountability; secure sensitive workloads; and encourage collaboration between the application development community, business units, and IT groups. While IT creates many of the applications and services in use at Intel, many more are developed by Intel’s several lines of business, such as product development, validation, or sales. In our experience, security can be better maintained if we make our security controls easy for business application owners to use and understand. Establishing and maintaining good cloud security is not a sprint—it is a marathon. Read on to learn about our cloud security experiences as we continue our journey to multi-cloud.