CSPs provide myriad services and security controls. Cloud security vendors pile a mountain of violations against these controls and services as part of software-defined orchestration. Incorporating threat modeling, as a practice, into developers’ software delivery platforms with tooling facilitates automatic model creation and threat detection, allowing organizations to make CSP cloud security blueprints their own, and keep developers on that paved road at scale.