The shift from traditional IT infrastructure to cloud-based applications has significant implications for IT security, as security tools and practices are designed for central IT teams, not independent application teams. The cloud eliminates the need for centrally managed infrastructure, making it a part of the application itself, but also introduces new security concerns such as unpatched containers and open ports that can be exploited by attackers. To address these challenges, organizations need to rethink their security practices, tools, and team structures to work with the development organization, understand the needs of application developers, and invest in flexible, API-driven, self-serve security tools. This transition will require significant changes, but is necessary to stay ahead of emerging threats and ensure the security of cloud-based applications.