You are responsible for a customer-facing application that has recently moved from a single on-prem environment to cloud infrastructure. The system now runs across managed compute, object storage, and a managed database, and it processes customer account data and internal operational metadata. After the migration, your team noticed inconsistent access patterns, an increase in privileged changes, and gaps in visibility across cloud services. You need to make the environment secure without slowing down engineering delivery.
How would you design and harden this cloud environment so that identity, network access, secrets, logging, and incident response are all handled safely? Be explicit about the threats you are prioritizing, the controls you would implement, and how you would verify those controls actually work.