The third post in the IDP Best Practices series explores the implementation of policy as code using Pulumi CrossGuard to establish deployment guardrails, ensuring developer speed while maintaining security and compliance. Highlighting the challenge of balancing speed and safety, the post recounts Statsig's experience, where dependency on one infrastructure engineer led to operational bottlenecks. By integrating automated guardrails, Statsig transformed its infrastructure management, enabling self-service without compromising security. The text details the architecture of a modern platform, comprising three layers with varying security needs, and emphasizes the importance of deployment guardrails as automated policies that prevent misconfigurations. Pulumi CrossGuard, a policy as code framework, allows writing policies in familiar programming languages to enforce compliance across cloud resources. The post provides practical examples of guardrails, outlines different policy enforcement models, and discusses best practices for policy implementation, emphasizing starting small, clear communication, and continuous improvement. It also anticipates future trends, such as AI-enhanced policies and multi-cloud governance, highlighting the role of policy as code in enabling safe, scalable infrastructure management.