Applying network access policy to workloads in the cloud differs significantly from the perimeter-centric approach to network security in datacenter. The shift of security boundaries from zone to workload, the continuous workload deployment using DevOps practices and K8s, with the need to control traffic traversing the hybrid environment, now more than ever, requires automated security policy.