This thesis addresses the growing complexity of securing modern enterprise infrastructures by proposing and implementing automated, security frameworks for multicloud environments. As organizations shift from traditional on-premise systems to multiple cloud architectures involving AWS, Azure, and GCP, manual security management becomes prone to errors and "visibility gaps" . The first phase of the work involved the transition of Azure Policy governance from a manual process to a centralized, code-driven model named Enterprise Azure Policy as Code (EPAC). This framework replaces manual "ClickOps" procedures, utilizing Azure DevOps to manage policy definitions, initiatives, assignments, and exemptions as software artifacts. This implementation enables idempotent policy deployments that eliminate configuration drift and reduces "shadow governance".