This platform helps you design defensible cloud posture before implementation
Build security intent for new infrastructure. With engineering-first guidance across critical security domains and visibility into trade-offs and decision context, Build is your companion for establishing cloud security intent with intuitive, engineering-first recommendations helping you make informed decisions about you cloud build.
Coverage of eight domains including identity, network, resilience, and governance
Capture workload characteristics, record trust boundaries, declare risk posture, and document constraints
Record selected patterns, log rationale and trade-offs, preserve decision context, and version posture snapshots
Document workload characteristics, trust boundaries, risk posture, and constraints for each system
Record selected patterns with rationale, trade-offs, and context for each security domain
Transparent assessment of security trade-offs to support informed decision-making
Capture team decisions, specific configurations, and implementation guidance
Comprehensive export containing intent summary, assumptions registry, decision log, domain selections, and evidence advisory to suppport audit commitments
Essential security patterns for standard workloads. Covers fundamental best practices without heightened security requirements or regulatory obligations.
Example: "I am launching a web application to host a personal website or small business site with non-sensitive public information."
Strengthened patterns for workloads handling sensitive data, intellectual property, or requiring heightened scrutiny. Additional layers beyond baseline.
Example: "I am building an internal application that handles employee data, proprietary business information, or customer PII."
Comprehensive patterns for workloads with regulatory requirements or strict customer obligations. Meets specific compliance frameworks and audit requirements.
Example: "I am deploying a healthcare application that must comply with HIPAA, or a financial services platform that must meet PCI-DSS requirements."
Stratified Approach: Build. generates one recommendation for each tier (Baseline, Enhanced, Hardened) per domain. This gives you flexibility to choose the security level that matches your workload's requirements and risk tolerance.
Define your workload with context: environment (dev/staging/prod), type (web app, API, data pipeline), sensitivity level, and compliance requirements (if applicable).
Build Your Environment: Step through each domain, review recommendations, and select what fits your needs. Perfect for greenfield projects.
Browse all recommendations for free. Click "Explore Details" only on recommendations you're seriously considering to see implementation examples, service dependencies, implementation hurdles, and detailed security enhancement information.
For selected recommendations, add implementation notes, team decisions, or specific configurations. This context will be included in your starter pack.
Export a comprehensive security document with your selected recommendations and notes. Share it with your team or use it as a security blueprint.
High-level overview of your security intent including workload characteristics, domain coverage, and selected recommendations count.
Documented workload characteristics, trust boundaries, risk posture, and constraints that inform your security architecture decisions.
Record of selected patterns with rationale, trade-offs, and context for each security domain, preserving the reasoning behind architectural choices.
Detailed documentation for each security domain you completed, including selected recommendations, implementation considerations, and your custom notes.
Guidance on what evidence to collect to validate security patterns are properly implemented, including validation approaches and continuous monitoring recommendations.
Format: All files are in Markdown format (.md) for easy viewing, editing, and version control. The complete pack is delivered as a ZIP file for download.
Note: Structured JSON export is available only in paid tiers for programmatic integration and advanced tooling.
Step 1: Create workload "Customer Portal API" - Production environment, Web Application type, High sensitivity, PCI-DSS compliance
Step 2: Start Build Flow - System generates tailored recommendations for each domain based on your context
Step 3: In "Identity & Access Control" domain, browse 3 stratified recommendations. Explore details on the ones that match your security tier
Step 4: Select 2 recommendations, add notes about team's IAM strategy and existing role structure
Step 5: Continue through remaining domains, being selective about what to explore and implement
Step 6: Complete the build flow and generate your posture snapshot with selected recommendations
Result: Download starter pack as a ZIP containing 11 Markdown files with your security blueprint ready for implementation
What counts as a deep dive? Clicking "Deep Dive" on a recommendation to view implementation examples, trade-offs, and detailed guidance counts as one deep dive for that workload.
Create your first workload and experience AI-native security guidance