Do you care about this?
GEICO significantly reduced its $300 million cloud spending by overhauling its security model. The company shifted from a network-centric approach to an identity-first strategy, allowing for better management of secrets and policies across its hybrid cloud environments.
If you do, here's more
GEICO has aggressively transformed its IT infrastructure over the past decade, shifting from a fully on-premises model in 2013 to utilizing 80% public cloud by 2020. However, by 2022, the company faced significant challenges: costs ballooned to over $300 million, compute resources were inefficiently utilized, and developer productivity plummeted. The infrastructure was also burdened by a client-server model that was no longer effective, leading to decreased reliability.
To address these issues, GEICO recognized that its legacy network-centric security model was not sustainable in a hybrid and multi-cloud environment. The company shifted its focus from securing the network to prioritizing identity-based security. This involved moving security policies closer to users and workloads rather than relying solely on firewalls and VLANs. Ammar Zuberi, a distinguished engineer at GEICO, emphasized that simplifying the network while enforcing security at higher layers allowed for a more reliable and efficient infrastructure.
As GEICO centralized identity and secrets management, it adopted HashiCorp Vault to streamline the handling of certificates and workload identities. Previously, certificate management was inconsistent and often manual, creating security vulnerabilities. By using Vault, GEICO established a standardized method for managing secrets across its diverse environments, which improved both security and operational efficiency. This transformation has positioned GEICO for better scalability and control as it prepares for future initiatives, particularly those involving AI.
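The two paragraphs above describe the model in words: access is decided by a verified workload identity and an explicit policy, not by the network segment a request arrives from, and credentials are short-lived so rotation is routine. The following self-contained Python model, added here as an illustration and not code from GEICO or from HashiCorp Vault, makes that decision logic concrete. The SPIFFE-style identity names, the HMAC-signed identity token, the path-glob policies and the 300-second lease are all constructed for the example; a real deployment would have the identity provider and the secrets engine perform these steps.

```python
"""Identity-first secrets access: a small, self-contained model.

Added illustration only (not GEICO's system, not HashiCorp Vault's code).
The access decision takes the verified workload identity and the requested
path as inputs; the caller's network address is recorded for audit but is
never an input to authorization. Leases are short-lived by default.
"""
import fnmatch
import hashlib
import hmac
import json
from typing import Optional

# Constructed signing key standing in for the identity provider's key.
IDENTITY_SIGNING_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed policies, loosely modelled on path-based secrets policies:
# identity -> list of (path glob, allowed capabilities).
POLICIES = {
    "spiffe://example.internal/ns/claims/sa/rating-api": [
        ("secret/claims/*", {"read"}),
        ("pki/issue/claims-services", {"update"}),
    ],
    "spiffe://example.internal/ns/billing/sa/invoice-worker": [
        ("secret/billing/*", {"read"}),
    ],
}

DEFAULT_TTL_SECONDS = 300  # short lease: renewal is the normal path, not an event


def issue_identity_token(identity: str, issued_at: float,
                         ttl: int = DEFAULT_TTL_SECONDS) -> str:
    """Mint a signed workload identity token (HMAC-based, for illustration)."""
    claims = {"sub": identity, "iat": int(issued_at), "exp": int(issued_at) + ttl}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    sig = hmac.new(IDENTITY_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_identity_token(token: str, now: float) -> Optional[str]:
    """Return the verified identity, or None if the signature or expiry fails."""
    body, _, sig = token.rpartition(".")  # the hex signature contains no '.'
    expected = hmac.new(IDENTITY_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    if now >= claims["exp"]:
        return None
    return claims["sub"]


def authorize(identity: str, path: str, capability: str) -> bool:
    """Policy decision keyed on identity and path only.

    Deliberately takes no source address: network location is not an input.
    """
    for pattern, caps in POLICIES.get(identity, []):
        if fnmatch.fnmatchcase(path, pattern) and capability in caps:
            return True
    return False


def request_secret(token: str, path: str, source_ip: str, now: float) -> dict:
    """Handle a secret read. source_ip is kept for the audit record only."""
    identity = verify_identity_token(token, now)
    if identity is None:
        return {"ok": False, "reason": "invalid or expired identity",
                "source_ip": source_ip}
    if not authorize(identity, path, "read"):
        return {"ok": False, "reason": "denied by policy",
                "identity": identity, "source_ip": source_ip}
    return {"ok": True, "identity": identity, "path": path,
            "lease_ttl": DEFAULT_TTL_SECONDS, "source_ip": source_ip}


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # constructed clock value
    tok = issue_identity_token("spiffe://example.internal/ns/claims/sa/rating-api", t0)
    # Same identity, two different network segments: identical decision.
    print(request_secret(tok, "secret/claims/db-password", "10.1.2.3", t0 + 10))
    print(request_secret(tok, "secret/claims/db-password", "192.168.50.7", t0 + 10))
    # Wrong path for this identity, and an expired token.
    print(request_secret(tok, "secret/billing/stripe-key", "10.1.2.3", t0 + 10))
    print(request_secret(tok, "secret/claims/db-password", "10.1.2.3", t0 + 301))
```

The point the model makes is in `authorize`: there is no argument through which a source address could influence the decision, so moving a workload between segments or clouds changes nothing about what it can read, while an unknown or expired identity is refused regardless of where it connects from. The short `lease_ttl` is what turns certificate and secret rotation from a manual task into the default behaviour.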