* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [AppSec](https://www2.paloaltonetworks.com/blog/cloud-security/category/appsec/)
* Accelerate Secure Develop...

# Accelerate Secure Development by Automating Delivery of a Compliant Cloud Infrastructure

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-cloud-infrastructure-terraform-integration%2F)  
[](https://twitter.com/share?text=Accelerate+Secure+Development+by+Automating+Delivery+of+a+Compliant+Cloud+Infrastructure&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-cloud-infrastructure-terraform-integration%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-cloud-infrastructure-terraform-integration%2F&title=Accelerate+Secure+Development+by+Automating+Delivery+of+a+Compliant+Cloud+Infrastructure&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/secure-cloud-infrastructure-terraform-integration/&ts=markdown)  
\[\](mailto:?subject=Accelerate Secure Development by Automating Delivery of a Compliant Cloud Infrastructure)  
Link copied  
By [Cameron Hyde](https://www.paloaltonetworks.com/blog/author/cameron-hyde/?ts=markdown "Posts by Cameron Hyde")  
Sep 09, 2025  
5 minutes  
[AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown)  
[Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

*Build faster (without leaving cracks in the foundation).*

Imagine constructing a skyscraper and inspecting the steel beams only after the top floor is complete. Discovering a structural flaw that late would grind progress to a halt and rack up massive costs to fix. For many enterprises, that's exactly what happens with cloud infrastructure today. Not wanting to hinder development, security teams focus on remediating issues once they reach production, forcing lengthy and expensive rework when issues are found.

Shift left promised a better way by implementing security earlier so issues are fixed before they become costly problems. But anyone who's lived the reality knows that, while obvious in theory, shift left is difficult in practice. Developers want speed. Security wants assurance. Ops wants stability. In practice, though, speed too often wins and guardrails are left unused, which means misconfigurations and compliance gaps can slip into production.

Going back to our skyscraper, this is like spotting a structural flaw during construction. Instead of fixing it, the team decides to press on with plans to address it later to avoid slowing the build. This of course makes correcting the flaw far more complex.

Embedding prevention-first AppSec into infrastructure provisioning allows teams to replace lengthy production remediations with quick, early fixes, which accelerates secure deployments while clearing security backlogs.

## **Faster? Yes! Secure? Challenging.**

Cloud adoption has unlocked incredible agility, but it's also introduced complexity. Enterprises now juggle hybrid and multicloud environments, each with its own tooling, policies and compliance requirements. Developers often build applications without full context of the underlying infrastructure. Platform teams are tasked with quickly creating infrastructure as code (IaC) configurations, though they're often not fully aware of all the relevant security standards and regulations, as these typically fall to security teams. Meanwhile, security teams lack visibility into what's being built until it's too late.

It's like trying to weed a garden after it's already overgrown. What could have been handled with a quick pull request early on now requires hacking through thorns and vines, slowing delivery and introducing unnecessary risk.

Without a new approach, organizations remain stuck --- delivery slows, costs climb and compliance obligations loom larger by the day.

## **Meet Developers Where They Are**

Cortex Cloud™ Application Security takes prevention-first to the next level. By unifying visibility across code, application infrastructure and cloud runtime, Cortex Cloud gives teams context-rich insights that surface the risks that matter most. AI-driven prioritization ensures developers focus on critical issues, reducing noise and preventing alert fatigue.

Equally important is the Open AppSec Partner Ecosystem, which enables organizations to integrate security seamlessly into existing development workflows. Developers don't have to abandon the tools they already use or change how they work. Instead, security is embedded in pipelines in a way that preserves velocity while ensuring compliance. This combination allows teams to build security in from the start, eliminating vulnerabilities before they reach production.

## **Cortex Cloud and HashiCorp Terraform: Securing Cloud Infrastructure by Default**

Cortex Cloud changes the equation by embedding security directly into developer workflows. The solution correlates deep context across code, application infrastructure and cloud runtime, giving teams the ability to define precise prevention policies, surface what matters and automate remediation workflows.

When paired with [HashiCorp Terraform](https://technologypartners.paloaltonetworks.com/English/integration/Cortex-Cloud-HashiCorp), this becomes a powerful tool for organizations. Terraform standardizes and automates hybrid and multicloud provisioning. Cortex Cloud integrates seamlessly into the flow, enforcing preconfigured security and compliance policies during the Terraform plan stage.
![The Cortex Cloud run task integration with HCP Terraform](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/09/word-image-344226-1.png)
Figure 1. The Cortex Cloud run task integration with HCP Terraform

The result? Teams can rapidly provision infrastructure with confidence, knowing noncompliant deployments are blocked at build time. Developers get freedom to move fast, security teams gain visibility and control, and business leaders see faster delivery with reduced operational risk.

## **Key Use Cases**

One of the most common challenges we see is the silo effect --- developers, platform engineers and security teams each pulled in different directions. Developers prioritize speed, security prioritizes compliance, and ops prioritizes scalability. The end amounts to friction, rework and sometimes costly gaps.

With the Cortex Cloud and HCP Terraform integration, those silos collapse. Security policies are automatically embedded in every workspace run. HCP Terraform run task triggers Cortex Cloud checks during each plan, and event-driven run tasks enforce policies in real time. Teams not only see what's being provisioned, but they can also autoremediate with code fixes or automated pull requests.

* **Strengthen Security by Default:** Prevent noncompliant IaC deployments before they reach production, reducing risk exposure and enabling consistent adherence to organizational policies.
* \*\*Optimize Cloud Operations:\*\*Minimize manual work and streamline processes, improving operational efficiency and maximizing return on cloud investments.
* \*\*Accelerate Secure Provisioning:\*\*Enable fast, consistent and compliant infrastructure delivery at scale across hybrid and multicloud environments, empowering teams to innovate without friction.
* \*\*Reduce Costs:\*\*Eliminate expensive, time-consuming remediation in production by addressing misconfigurations and vulnerabilities early in the development lifecycle.

For enterprises under pressure to deliver faster while meeting regulatory and security requirements, this integrated approach is a game-changer.

## **A Path to Prevention-First**

The promise of shift left has always been clear. What's been missing is a practical way to align developers, security and operations without slowing anyone down. By automating compliant infrastructure delivery, Cortex Cloud and HCP Terraform turn that promise into practice.

Instead of reacting to cracks in the foundation, organizations can secure application infrastructure by default.

## **Learn More**

Palo Alto Networks and HashiCorp are working together to help enterprises streamline secure cloud adoption. [Join our workshop](https://www.hashicorp.com/en/events/webinars/cloud-devsecops-workshop-with-hcp-terraform-cortex-cloud-and-gcp) to see how you can accelerate secure development by automating the delivery of a compliant cloud infrastructure.

*** ** * ** ***

## Related Blogs

### [Application Security](https://www.paloaltonetworks.com/blog/cloud-security/category/application-security/?ts=markdown), [AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown), [ASPM](https://www.paloaltonetworks.com/blog/cloud-security/category/aspm/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Palo Alto Networks and Veracode: Unifying Application Security from Code to Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/application-security-veracode-partnership/)

### [Application Security](https://www.paloaltonetworks.com/blog/cloud-security/category/application-security/?ts=markdown), [AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### How Cortex Cloud and Semgrep Are Redefining AI-Driven Application Security](https://www2.paloaltonetworks.com/blog/cloud-security/application-security-semgrep-partnership/)

### [AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown), [ASPM](https://www.paloaltonetworks.com/blog/cloud-security/category/aspm/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Research](https://www.paloaltonetworks.com/blog/cloud-security/category/research/?ts=markdown)

[#### An Inside Look into ASPM: Five Findings from New Industry Research](https://www2.paloaltonetworks.com/blog/cloud-security/aspm-research-omdia/)

### [AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown), [Cloud Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-detection-and-response/?ts=markdown), [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Supply Chain Security](https://www.paloaltonetworks.com/blog/cloud-security/category/supply-chain-security/?ts=markdown)

[#### Shai-Hulud 2.0: How Cortex Helps Protect Against the Resurgent npm Worm](https://www2.paloaltonetworks.com/blog/cloud-security/shai-hulud-2-0-npm-worm-detection-blocking/)

### [AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown), [ASPM](https://www.paloaltonetworks.com/blog/cloud-security/category/aspm/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### Breakdown: Widespread npm Supply Chain Attack Puts Billions of Weekly Downloads at Risk](https://www2.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attack/)

### [AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### Security Theater: Your AppSec Success Metrics Are Misleading](https://www2.paloaltonetworks.com/blog/cloud-security/sucess-measurements-security-theater/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language